Semgrep: Writing quick rules to verify ideas(blog.deesee.xyz) |
Their docs and website try very hard to suggest you should use it for some kind of CI process, but so far I haven't found any need to do so. I can maybe see it being useful in a pre-commit hook.
It's VERY handy for semantic searches though - in situations where ripgrep would be useless due to multi-line matches.
I set up this alias to make it a bit less verbose for Python patterns:
pygrep () {
    pat="$1"          # first argument is the semgrep pattern
    shift
    filez="$*"        # remaining arguments are the files or directories to scan
    # bash -x echoes the expanded semgrep command before running it
    bash -xc "semgrep --lang=python --pattern '$pat' $filez"
}
Usage is something like: pygrep 'myfunc(..., needle_arg=..., ...)'

Not that this detracts from your main point. Semgrep is much smarter than ripgrep and goes well beyond multi-line searches.
I just wanted to clarify the small thing.
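The distinction drawn above between a textual grep and a semantic match, as an added example that is not from the original thread or from the Semgrep project: a short Python script that runs a line-oriented regex and an AST walk over the same constructed sample, looking for what the pattern myfunc(..., needle_arg=..., ...) would match. The sample source, its identifiers (mylib, myfunc, mf, needle_arg, compute) and the helper names are all constructed for illustration; the AST walk is a hand-rolled stand-in for a semantic matcher, not Semgrep's engine.

```python
"""Textual vs. semantic search for calls of the form myfunc(..., needle_arg=..., ...)."""
import ast
import re

# Constructed sample source; nothing here is real project code.
SAMPLE = '''
import mylib
from mylib import myfunc as mf

myfunc(1, needle_arg=2)          # one-line call: textual search finds it

myfunc(
    first,
    second,
    needle_arg=compute(),        # spread over lines: a line-at-a-time search sees no callee here
)

mf(needle_arg=3)                 # aliased import: searching for the real name misses it

other(needle_arg=4)              # same keyword, different callee
print("a myfunc(x, needle_arg=5) string")   # text inside a literal, not a call
mylib.myfunc(needle_arg=6)       # attribute form of the same function
'''


def grep_hits(source, regex=r"myfunc\(.*needle_arg="):
    """Line-oriented textual search (ripgrep without multiline mode).

    Returns 1-based line numbers whose text matches the regex. It misses the
    multi-line call and the alias, and flags the string literal.
    """
    return [i for i, line in enumerate(source.splitlines(), 1) if re.search(regex, line)]


def semantic_hits(source, func_name="myfunc", kwarg="needle_arg"):
    """AST-based search standing in for a semantic matcher.

    Resolves `from X import func as alias`, accepts `func(...)` and
    `obj.func(...)`, ignores string literals, and reports the line where
    each matching call starts, however many lines the call spans.
    """
    tree = ast.parse(source)

    # Collect every name the function is bound to via import aliases.
    names = {func_name}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            for alias in node.names:
                if alias.name == func_name and alias.asname:
                    names.add(alias.asname)

    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        callee = node.func
        if isinstance(callee, ast.Name):
            name = callee.id
        elif isinstance(callee, ast.Attribute):
            name = callee.attr
        else:
            continue
        if name in names and any(k.arg == kwarg for k in node.keywords):
            hits.append(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    print("textual  :", grep_hits(SAMPLE))
    print("semantic :", semantic_hits(SAMPLE))
```

Running it shows the two views disagreeing on the same file: the regex reports the one-line call, the string literal and the attribute call, while the AST walk reports the one-line call, the multi-line call, the aliased call and the attribute call and skips the literal. That gap is exactly what a Semgrep pattern buys over a line-oriented search.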
semgrep.py search 'myfunc(..., needle_arg=..., ...)'
And then the other subcommands would remain: semgrep scan --config auto to scan with all recommended rules, and semgrep ci to scan in CI jobs.

Edit: thanks for maintaining semgrep, started using it heavily in my day job and the team started writing frontends for it.
Just a piece of feedback for the record: I have been stuck in exactly the same place the few times I was interested in trying out a ripgrep alternative that understood semantics, but didn't have such an urgent need to actually understand how to get things going.
I wasn't trying to search for things that other people thought were interesting; I wanted a tool that would search for some pattern I thought of - and preferably without having to write a yaml file.
Edit: It's approved but that's just our CEO :D I'll wait for an approval from our tech writers who are in non-US time zones, so your suggestion will likely land tomorrow. Thank you!
Though, as I tried to type that, I typed semgrep.py twice. The dot name really seems like a file extension, though. I'm torn.
Also, first time trying the tool and I love it!
Maybe it's that the dot makes it feel like 'variants' of 'semgrep' (even if for the wrong reason) but semgrep-py feels like an entirely distinct binary from semgrep or any other variants.