brotherton-erpnext/.github/helper/semgrep_rules
Chillar Anand 915b34391c
chore: Clean up imports (#27302)
* chore: Added isort to pre-commit config

* chore: Sort imports with isort

* chore: Clean up imports with pycln

* chore: Sort imports with isort

* chore: Fix import issues

* chore: Clean up sider issues

* chore: Remove import errors from flake8 ignore list

* chore: Clean up lint issues
2021-09-02 16:44:59 +05:30
File                   Last commit                                                              Date
frappe_correctness.py  chore: Clean up imports (#27302)                                         2021-09-02 16:44:59 +05:30
frappe_correctness.yml ci: make semgrep ignore existing errors (#26516)                         2021-07-15 19:30:05 +05:30
README.md              ci(semgrep): Add semgrep testing (#24871)                                2021-04-16 21:44:49 +05:30
report.py              ci(semgrep): add translation checks for report labels (#27280)           2021-09-01 14:19:39 +05:30
report.yml             ci(semgrep): add translation checks for report labels (#27280)           2021-09-01 14:19:39 +05:30
security.py            ci(semgrep): Add semgrep testing (#24871)                                2021-04-16 21:44:49 +05:30
security.yml           chore: remove warning rules                                              2021-07-21 19:54:06 +05:30
translate.js           ci: enable semgrep check on v13 branches and update rules (#25647)       2021-05-11 18:27:20 +05:30
translate.py           ci(semgrep): fix false positives (#25823)                                2021-05-25 14:06:10 +05:30
translate.yml          ci(semgrep): fix false positives (#25823)                                2021-05-25 14:06:10 +05:30
ux.js                  ci(semgrep): fix false positives (#25823)                                2021-05-25 14:06:10 +05:30
ux.py                  ci(semgrep): fix false positives (#25823)                                2021-05-25 14:06:10 +05:30
ux.yml                 ci(semgrep): fix false positives (#25823)                                2021-05-25 14:06:10 +05:30

Semgrep linting

What is semgrep?

Semgrep ("semantic grep") is a language-agnostic static analysis tool. In simple terms, semgrep is a syntax-aware grep: unlike a regex, it is not confused by different ways of writing the same thing, by whitespace, or by code split across multiple lines.

Example:

To check whether a translate function is called with an f-string, the regex would be r"_\(\s*f[\"']", while the equivalent semgrep pattern is _(f"..."). Because semgrep knows the grammar of the language, it takes care of extra whitespace, the type of quotation marks, line breaks and so on, and since it matches on the parsed code it does not fire on the same characters inside a comment or a string literal.

You can find more such examples in the .github/helper/semgrep_rules directory.

Why/when to use this?

We want to maintain the quality of contributions, but remembering every good practice while reviewing contributions is a pain. If a "best practice" can be translated into a semgrep rule, the check is automated for us.

Running locally

Install semgrep with Homebrew (brew install semgrep) or pip (pip install semgrep).

To run it locally, use the following command:

semgrep --config=.github/helper/semgrep_rules [file/folder names]

Testing

Semgrep allows testing the rules themselves against annotated sample files. Refer to this page: https://semgrep.dev/docs/writing-rules/testing-rules/

When writing new rules, add a few positive and a few negative cases, as shown in the guide and in the current tests.

To run the current tests (--test-ignore-todo skips cases annotated as todoruleid/todook): semgrep --test --test-ignore-todo .github/helper/semgrep_rules
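To make the regex-versus-pattern comparison from the example above concrete, and to show what semgrep --test checks against the ruleid/ok annotations in a test file, here is an added example that is not code from the ERPNext repository or from semgrep: a small Python script that carries the translate rule in semgrep's YAML rule format, a constructed test file in the annotation convention, an ast-based stand-in for the _(f"...") pattern, and the README's regex, and reports for each matcher the annotated lines it missed and the lines it flagged without a ruleid annotation. The rule id, the file names and the write_fixture helper are assumptions; the script does not invoke semgrep itself.

```python
"""Emulate the verdicts of `semgrep --test` for a translate rule, next to the
regex from the README, so the difference between textual and syntax-aware
matching is visible without semgrep installed.  Added example; not part of the
ERPNext repository.  The rule id and file names are assumptions."""
import ast
import pathlib
import re
import sys

RULE_ID = "frappe-translation-python-formatting"  # assumed id, not the repo's

# The rule in semgrep's YAML format: `_(f"...")` matches a call to `_` whose
# argument is any f-string, whatever the quote style or line breaks.
RULE_YAML = f"""\
rules:
  - id: {RULE_ID}
    pattern: _(f"...")
    message: Do not use f-strings inside the translate function
    languages: [python]
    severity: ERROR
"""

# Constructed semgrep test file.  `# ruleid:` means the next line must match,
# `# ok:` means it must not; this is the convention `semgrep --test` reads.
TEST_FILE = '''\
from frappe import _

# ruleid: frappe-translation-python-formatting
_(f"Hello {name}")
# ruleid: frappe-translation-python-formatting
_( f'Welcome {user}' )
# ruleid: frappe-translation-python-formatting
_ (f"spaced call {x}")
# ruleid: frappe-translation-python-formatting
_(
    f"""multi-line {x}"""
)
# ok: frappe-translation-python-formatting
_("Hello {0}").format(name)
# ok: frappe-translation-python-formatting
log_(f"not the translate function {x}")
# ok: frappe-translation-python-formatting
note = 'call _(f"inside a string") is just text'
# ok: frappe-translation-python-formatting
# remember: _(f"in a comment") is not code
'''

REGEX = re.compile(r"_\(\s*f[\"']")  # the regex quoted in the README


def regex_lines(source: str) -> set[int]:
    """1-based lines (as semgrep reports them) where the README's regex fires."""
    return {source.count("\n", 0, m.start()) + 1 for m in REGEX.finditer(source)}


def ast_lines(source: str) -> set[int]:
    """Stand-in for the semgrep pattern: a call to the name `_` whose first
    argument is an f-string (ast.JoinedStr).  Comments and string literals
    never produce Call nodes, so they cannot match."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name) and node.func.id == "_"
                and node.args and isinstance(node.args[0], ast.JoinedStr)):
            found.add(node.lineno)
    return found


ANNOTATION = re.compile(r"^\s*#\s*(ruleid|ok):\s*(\S+)")


def parse_annotations(source: str, rule_id: str) -> tuple[set[int], set[int]]:
    """Return (must-match lines, must-not-match lines); an annotation on line N
    refers to line N + 1."""
    expected, forbidden = set(), set()
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = ANNOTATION.match(line)
        if m and m.group(2) == rule_id:
            (expected if m.group(1) == "ruleid" else forbidden).add(lineno + 1)
    return expected, forbidden


def evaluate(matcher, source: str, rule_id: str) -> dict[str, list[int]]:
    """The two verdicts semgrep --test gives: `ruleid` lines the matcher missed,
    and flagged lines that carry no `ruleid` annotation (the `ok` lines are a
    subset of those, documenting the cases the rule must stay quiet on)."""
    found = matcher(source)
    expected, _ok = parse_annotations(source, rule_id)
    return {"missed": sorted(expected - found), "false_positives": sorted(found - expected)}


def write_fixture(directory: str) -> pathlib.Path:
    """Write the rule and the test file side by side with the same base name,
    the layout `semgrep --test <directory>` expects, so the real engine can be
    run on exactly these cases."""
    d = pathlib.Path(directory)
    d.mkdir(parents=True, exist_ok=True)
    (d / f"{RULE_ID}.yml").write_text(RULE_YAML)
    (d / f"{RULE_ID}.py").write_text(TEST_FILE)
    return d


if __name__ == "__main__":
    for name, matcher in (("regex", regex_lines), ("ast (semgrep-like)", ast_lines)):
        print(f"{name:>20}: {evaluate(matcher, TEST_FILE, RULE_ID)}")
    if len(sys.argv) > 1:
        print("fixture written to", write_fixture(sys.argv[1]))
```

On the constructed cases the ast-based matcher reports no misses and no false positives, while the regex misses _ (f"...") because of the space before the parenthesis and fires on log_(f"..."), on a string literal and on a comment, which is exactly the class of mistakes a syntax-aware pattern avoids. Passing a directory name writes the rule/test pair so that semgrep --test <directory> runs the real engine against the same annotations.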

Reference

If you are new to Semgrep, read the following pages to get started on writing or modifying rules: