Set of Cairo 1.0 rules to be used with Semgrep.
We assume that you have Semgrep already installed, otherwise you can refer to the following doc.
- Get the last version of the rules that you can find on the release page
- From the terminal, call Semgrep with the rule you've downloaded in 1.
semgrep scan --config path/to/rules.yaml path/to/cairo_code
We strongly encourage anyone who wants to participate in improving the security of Starknet smart contracts to contribute to this repository either by creating new rules or improving existing ones.
Here are the guidelines to contribute
- Create/Modify rules in
rules/ - Add in
testsone or several test case of your rule. We rely on the Semgrep testing facilities for our testing suite so please read the following doc to understand how it works. - To test the rules you need to have Semgrep installed. Run the following command
semgrep scan --config rules --test tests
- If all tests are
ok, create a new file inchangelog.dand document it according tochangelog.d/README.md - Open a PR where you shortly describe the purpose of your change