Semgrep
Semgrep is a cool project. Command line entry is here.
A few common commands
```shell
# scan a doc to test pattern matching
semgrep scan -l yaml -e '<pattern_to_test>' <file_name>
# Sometimes the pattern has newlines or indentation that is not easy to put
# on one line; in that case we can simply do
semgrep scan -l yaml -e "$(cat pattern.txt)" <file_name>
# run the rule directly
semgrep scan -l yaml --config <rule_file>
```
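As an added example (not from the original post), here is a small rule file that the last command above could take as `<rule_file>`; it flags a Kubernetes manifest whose container runs with `privileged: true`. The rule id, message and the `...` wildcard usage are my own; the target file name in the comment is assumed.

```yaml
# rule.yaml (constructed example): run with
#   semgrep scan -l yaml --config rule.yaml deployment.yaml
rules:
  - id: k8s-privileged-container
    languages: [yaml]
    severity: WARNING
    message: >
      Container requests securityContext.privileged=true, which gives it
      the host's device access and most kernel capabilities. Drop the
      flag or justify it with a documented exception.
    patterns:
      # only match inside a securityContext block; "..." is the Semgrep
      # wildcard for any other keys around the one we care about
      - pattern-inside: |
          securityContext:
            ...
      - pattern: |
          privileged: true
```

The same multi-line `pattern` body can be put in `pattern.txt` and tried ad hoc with the `-e "$(cat pattern.txt)"` form before it is committed to a rule file.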
Semgrep has wildcard operators in generic pattern matching. See doc.
This post is licensed under CC BY 4.0 by the author.