New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New set of required rules #32

Open

ankush opened this issue Mar 25, 2025 · 1 comment

Member

ankush commented Mar 25, 2025 •

edited

Loading

All of these should raise a warning:

Security

Typical patterns for SQLi
Typical patterns for code injection
Known footguns
Loose default permission
Explicitly ignored checks
Go through our own findings and encode them as rules

Correctness

All bad/impossible/breaking DB migrations - These aren't easy to achieve in semgrep itself, maybe also add a warning inside framework.
Review the last 1-2 years of new bug patterns and encode them. I've not added anything new for ~1 year now.

Member Author

ankush commented Mar 25, 2025

Basic requirements:

learn how to write semgrep rules - https://semgrep.dev/docs/writing-rules/overview/
Ensure minimal false positives (scan existing codebases)
Write test cases for test cases! https://semgrep.dev/docs/writing-rules/testing-rules/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment