
New set of required rules

Open ankush opened this issue 8 months ago • 1 comments

All of these should raise a warning:

Security

  • Typical patterns for SQLi
  • Typical patterns for code injection
  • Known footguns
  • Loose default permission
  • Explicitly ignored checks
  • Go through our own findings and encode them as rules

Correctness

  • All bad/impossible/breaking DB migrations - These aren't easy to achieve in semgrep itself, maybe also add a warning inside framework.
  • Review the last 1-2 years of new bug patterns and encode them. I've not added anything new for ~1 year now.

ankush avatar Mar 25 '25 15:03 ankush

Basic requirements:

  • Learn how to write semgrep rules - https://semgrep.dev/docs/writing-rules/overview/
  • Ensure minimal false positives (scan existing codebases)
  • Write test cases for test cases! https://semgrep.dev/docs/writing-rules/testing-rules/

ankush avatar Mar 25 '25 15:03 ankush
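As a concrete starting point for the "typical patterns for SQLi" item and for the rule-writing and testing requirements in the comment above, here is an added example rule. It is not from this issue or from the repository's rule set; it assumes the scanned code is Python and that the SQL sink is a DB-API style `.execute()` method (the `$C` metavariable matches any receiver, e.g. `cursor` or `self.db`). The rule fires at WARNING severity when the query string handed to `.execute()` is assembled with an f-string, `%` formatting, `str.format()` or concatenation, either inline or in an earlier assignment in the same function; a query passed with a separate parameter tuple matches none of the patterns, which keeps the rule quiet on the safe idiom.

```yaml
rules:
  - id: python-sqli-string-built-query
    languages: [python]
    severity: WARNING
    message: >-
      SQL passed to $C.execute() is built with string formatting or
      concatenation. If any interpolated value is attacker-controlled this is
      SQL injection (CWE-89). Pass values as query parameters instead, e.g.
      $C.execute("SELECT ... WHERE id = %s", (user_id,)).
    metadata:
      category: security
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
      confidence: MEDIUM
    patterns:
      - pattern-either:
          # Query built inline from an f-string
          - pattern: $C.execute(f"...")
          # printf-style interpolation
          - pattern: $C.execute("..." % $ARGS)
          # str.format()
          - pattern: $C.execute("...".format(...))
          # Concatenation on either side of the literal
          - pattern: $C.execute("..." + $X)
          - pattern: $C.execute($X + "...")
          # Same three builders, but assigned to a variable earlier in the
          # function and executed later ("..." between statements is any code)
          - pattern: |
              $Q = f"..."
              ...
              $C.execute($Q)
          - pattern: |
              $Q = "..." % $ARGS
              ...
              $C.execute($Q)
          - pattern: |
              $Q = "...".format(...)
              ...
              $C.execute($Q)
```

To satisfy the test-case requirement, put a file with the same basename next to the rule (`python-sqli-string-built-query.py`), write a `# ruleid: python-sqli-string-built-query` comment on the line before each call that must be flagged and a `# ok: python-sqli-string-built-query` comment before the parameterized call that must not be, and run `semgrep --test` in that directory; semgrep reports any line whose annotation disagrees with the findings. For the false-positive check, run `semgrep --config python-sqli-string-built-query.yaml <path-to-existing-codebase>` and review every hit before the rule is made required; a constant-only `.format()` call used for table-name templating is the usual source of noise and is the first candidate for a `pattern-not` clause.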