
Primary language: C. License: MIT.

semgrep-rules

"The attack surface is the vulnerability. Finding a bug there is just a detail."

-- Mark Dowd

"Some details are more important than others."

-- Fedor G. Pikus

A collection of my Semgrep rules to facilitate vulnerability research.

Blog posts:
https://security.humanativaspa.it/semgrep-ruleset-for-c-c-vulnerability-research
https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/
https://security.humanativaspa.it/big-update-to-my-semgrep-c-cpp-ruleset

See also:
https://semgrep.dev/r


Setup and usage instructions

  1. Install Semgrep.
  2. Clone this GitHub repo.
  3. To use these rules, run:

     # high priority scan
     $ semgrep --severity ERROR --config PATH/TO/RULES PATH/TO/SOURCE
     # high and medium priority scan
     $ semgrep --severity ERROR --severity WARNING --config PATH/TO/RULES PATH/TO/SOURCE
     # full scan
     $ semgrep --config PATH/TO/RULES PATH/TO/SOURCE

For a more streamlined experience, I recommend saving Semgrep scan output in SARIF format and using SARIF Viewer in VS Code.

C/C++

buffer overflows

integer overflows

format strings

memory management

command injection

race conditions

privilege management

miscellaneous

Generic

miscellaneous

  • bad-words. Keywords and comments that suggest the presence of bugs.
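The following is an added example rule file, written for this README and not taken from the repository's own rules. It shows the shape of a Semgrep rule for C/C++ and how the severity field maps onto the three scan tiers in the usage instructions above: one ERROR-level rule in the "buffer overflows" spirit, and one INFO-level rule in the style of bad-words, which uses pattern-regex so it also matches inside comments. The rule ids, message text, metadata values and the keyword list are my own assumptions, not the repository's.

```yaml
# Added example rule file (not part of this repository). Rule ids, messages,
# metadata values and the keyword list are illustrative assumptions.
rules:
  # "buffer overflows" category: flags unbounded string copies. Severity ERROR
  # means it is included by the "high priority scan" (--severity ERROR).
  - id: example-unbounded-strcpy
    languages: [c, cpp]
    severity: ERROR
    message: >-
      strcpy() copies $SRC into $DST without a length bound; confirm that the
      destination is large enough for every possible source (buffer overflow).
    metadata:
      category: security
      cwe: "CWE-120: Buffer Copy without Checking Size of Input"
      confidence: MEDIUM
    patterns:
      - pattern: strcpy($DST, $SRC)
      # A string-literal source has a known length; skip it to reduce noise.
      - pattern-not: strcpy($DST, "...")

  # "miscellaneous" (generic) category: a bad-words style rule. pattern-regex
  # runs over the raw file text, so comments are matched too. Severity INFO
  # means it only appears in the "full scan" (no --severity filter).
  - id: example-bad-words
    languages: [c, cpp]
    severity: INFO
    message: >-
      "$WORD" in code or comments suggests a known-fragile spot; review it manually.
    metadata:
      category: security
      confidence: LOW
    # Named capture group binds $WORD so the matched keyword appears in the message.
    pattern-regex: '(?i)\b(?P<WORD>TODO|FIXME|XXX|HACK|KLUDGE|WORKAROUND)\b'
```

Save it as example-rules.yaml and run `semgrep --config example-rules.yaml PATH/TO/SOURCE`: with `--severity ERROR` only the strcpy findings are reported, while the full scan also lists every flagged keyword, which is the intended split between findings worth triaging first and hints for manual review.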