semgrep-rules
A collection of my Semgrep rules to facilitate vulnerability research.
First of all, @0xdea, you have done great work there with the coverage, even if the support offered by Semgrep is still limited. I found that some C/CPP functions are...
The `raptor-ret-stack-address` rule checks if we are returning a pointer to a stack variable. It returns a false positive if we are returning a static variable, e.g. `static SomeObject* getObject()...`
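As an added illustration of the distinction raised in this report (not one of the repository's rules and not the reporter's code), here is a stand-alone Semgrep rule that flags `return &local;` and `return local_array;` while excluding variables declared `static`, whose storage outlives the call. The rule id, message and pattern layout are mine; how `$TYPE $VAR;` behaves against declarations that carry initializers or storage-class specifiers differs between Semgrep versions, so that part is an assumption to validate before use.

```yaml
# Example rule, not part of 0xdea/semgrep-rules. Flags returning the address
# of an automatic (stack) variable; static declarations are excluded because
# their storage persists after the function returns.
rules:
  - id: example-ret-stack-address
    languages: [c, cpp]
    severity: WARNING
    message: >-
      Function $FUNC returns the address of local variable $VAR, which lives
      on the stack and is invalid once the function returns.
    patterns:
      # Restrict to statements inside a function body so $FUNC is bound.
      - pattern-inside: |
          $RET $FUNC(...) {
            ...
          }
      - pattern-either:
          # Scalar local declared earlier in the block, address returned.
          - patterns:
              - pattern-inside: |
                  $TYPE $VAR;
                  ...
              - pattern: return &$VAR;
          # Same, for a local with an initializer (assumption: some Semgrep
          # versions do not match an initialized declaration with `$TYPE $VAR;`).
          - patterns:
              - pattern-inside: |
                  $TYPE $VAR = $INIT;
                  ...
              - pattern: return &$VAR;
          # Local array returned directly (decays to a pointer into the frame).
          - patterns:
              - pattern-inside: |
                  $TYPE $VAR[$N];
                  ...
              - pattern: return $VAR;
      # The false-positive case from the report: static storage is fine.
      - pattern-not-inside: |
          static $TYPE $VAR;
          ...
      - pattern-not-inside: |
          static $TYPE $VAR = $INIT;
          ...
      - pattern-not-inside: |
          static $TYPE $VAR[$N];
          ...
```

To check the rule the way this repository's rules are checked, put it next to a `.c` file in which the `return &local;` lines carry a `// ruleid: example-ret-stack-address` comment and the `static` cases carry `// ok: example-ret-stack-address`, then run `semgrep --test` on the directory; a mismatch on the static case reproduces the false positive described above.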
Hi Marco, congratulations on this repository! With this pull request, I propose a little update about these rules: - **command-injection**: exec* checks - **double-free**: support for loops - **incorrect-use-of-free**: return...
Not sure if this is a change you'd like, but words like "overflow" and "warning" appear commonly in css files but are never anything to investigate closer and can probably...
Suggested improvements from [https://cc-sw.com/semgrep-guide-for-a-security-engineer-part-5-of-6/](https://cc-sw.com/semgrep-guide-for-a-security-engineer-part-5-of-6/): Remove IDA decorators that have been shown to cause issues with the Semgrep parser: ``` virtual thunk to non-virtual thunk to vtable for typeinfo for guard variable for...
Symbolic propagation is an [experimental feature](https://semgrep.dev/docs/writing-rules/experiments/symbolic-propagation) that, used together with `metavariable-comparison`, might help reduce some false positives. See an example related to out-of-bounds reads at . Quoting from the article:...
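As an added example of the combination this suggestion describes (not a rule from the repository, and not from the linked article), the following Semgrep rule flags a constant index that is at or past the declared size of a fixed-size array. Semgrep's default constant propagation already resolves `int i = 64; buf[i]` to `buf[64]` for the comparison; enabling the experimental `symbolic_propagation` option extends the same resolution to a metavariable bound through an intermediate non-literal assignment. The rule id, message and the exact shape of the declaration pattern are my own assumptions.

```yaml
# Example rule, not part of 0xdea/semgrep-rules. Flags `buf[IDX]` where buf
# was declared with SIZE elements and IDX >= SIZE, using propagation so that
# an index assigned to a variable beforehand still reaches the comparison.
rules:
  - id: example-oob-read-constant-index
    languages: [c, cpp]
    severity: WARNING
    message: >-
      Index $IDX into $BUF, declared with $SIZE elements, is out of bounds.
    options:
      # Experimental: lets $IDX resolve through `int i = <expr>; buf[i]`.
      symbolic_propagation: true
    patterns:
      # Bind $BUF and $SIZE from a fixed-size array declaration that
      # precedes the access in the same block.
      - pattern-inside: |
          $TYPE $BUF[$SIZE];
          ...
      # Any subscript of that array.
      - pattern: "$BUF[$IDX]"
      # Evaluates only when both metavariables resolve to integer literals;
      # anything else simply does not match, so no new false positives.
      - metavariable-comparison:
          metavariable: $IDX
          comparison: int($IDX) >= int($SIZE)
```

With a test file holding `char buf[64]; ... buf[64]` and `int i = 64; ... buf[i]` marked `// ruleid: example-oob-read-constant-index` and `buf[63]` marked `// ok: example-oob-read-constant-index`, `semgrep --test` shows which of the two resolutions a given Semgrep version performs; a variable index that cannot be reduced to a literal is deliberately left unreported rather than guessed at.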
Consider adding support for taint analysis: * *