Skip to content

becojo/semsearch

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.github/workflows
.github/workflows
 
 
cmd
cmd
 
 
.gitignore
.gitignore
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

semsearch

CLI interface to create and run Semgrep rules that are more complex that what the Semgrep CLI can handle.

Usage: semsearch [options]

Pattern options:
  -l,   --language <language>               Add a language to the rule
  -p,   --pattern <pattern>                 Pattern to search for
  -pi,  --pattern-inside <pattern>          Pattern to search for inside the matched pattern
  -pni, --pattern-not-inside <pattern>      Pattern to search for not inside the matched pattern
  -pr,  --pattern-regex <pattern>           Pattern to search for using a regex
  -pnr, --pattern-not-regex <pattern>       Pattern to search for not using a regex
  -mr,  --metavariable-regex <name=regex>   Metavariable to search for using a regex
  -fm,  --focus-metavariable <name>         Metavariable to focus on

Pattern group options:
  -ps,  --patterns                          Start a pattern group where all patterns must match
  -pe,  --pattern-either <pattern>          Start a pattern group where any pattern may match
  ],    --pop                               Exit the current pattern group

Search options:
  -i,   --path <path>                       Add the path to the search
  -e,   --eval <string>                     Evaluate the rule on the given string

Rule options:
  --id  <id>                                Rule ID
  -f,   --format <format>                   Output format (json, text, sarif, vim)
  -c,   --config <config>                   Add additional rules
  -m,   --message <message>                 Message to display
  -fx,  --fix <pattern>                     Fix pattern
  -af,  --autofix                           Write fixes


Other options:
  --debug                                   Debug mode
  --export                                  Output the rule instead of running Semgrep

Examples

Search functions related to *State

semsearch -l go -fm F -pe -p 'func ($S *State) $F(...) {...}'  -p 'func $F(...) *State {...}'
    cmd/semsearch.go
    ❯❱ id
          123┆ func NewState() *State {
             ┆----------------------------------------
          135┆ func (s *State) Args() []string {
             ┆----------------------------------------
          161┆ func (s *State) AddCondition(cond Condition) {
             ┆----------------------------------------
          166┆ func (s *State) Build(args []string) {
             ┆----------------------------------------
          276┆ func (s *State) Tempfile(name string) (*os.File, error) {
             ┆----------------------------------------
          285┆ func (s *State) Cleanup() {
             ┆----------------------------------------
          291┆ func (s *State) Prepare() {
             ┆----------------------------------------
          308┆ func (s *State) Exec() {

Output the Semgrep rule instead of running it

semsearch -l go -fm F -pe -p 'func ($S *State) $F(...) {...}'  -p 'func $F(...) *State {...}' --export
rules:
- id: id
  patterns:
  - focus-metavariable: $F
  - pattern-either:
    - pattern: func ($S *State) $F(...) {...}
    - pattern: func $F(...) *State {...}
  severity: WARNING
  message: ""
  languages:
  - go

About

Semgrep CLI wrapper

Topics

cli golang static-analysis security-tools semgrep

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 3

v0.3 Latest
Nov 16, 2024
+ 2 releases

Languages