[#628] semgrep: Add semgrep

Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2023-08-22 17:37:08 +03:00 · 2023-08-22 17:37:08 +03:00 · 9d2999327e
commit 9d2999327e
parent 62c2ad4b22
3 changed files with 34 additions and 0 deletions
--- a/.forgejo/workflows/tests.yml
+++ b/.forgejo/workflows/tests.yml
@ -20,6 +20,21 @@ jobs:
      - name: Run linters
        run: make lint

+    semgrep:
+      name: semgrep
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v3
+        - uses: actions/setup-python@v4
+          with:
+            python-version: '3.10'
+
+        - name: Install semgrep
+          run: make semgrep-install
+
+        - name: Run semgrep
+          run: make semgrep
+
  tests:
    name: Tests
    runs-on: ubuntu-latest
--- a/9
+++ b/9
@ -162,6 +162,15 @@ staticcheck-install:
 staticcheck-run:
 	@staticcheck ./...

+semgrep-install:
+	@python3 -m pip install --upgrade virtualenv
+	@python3 -m virtualenv venv
+	@. venv/bin/activate && pip install semgrep
+
+semgrep:
+	@. venv/bin/activate
+	@semgrep --error -f semgrep.yml . || (test $$? -eq 127 && echo "Run: make semgrep-install")
+
 # Run linters in Docker
 docker/lint:
 	docker run --rm -t \
--- a/semgrep.yml
+++ b/semgrep.yml
@ -0,0 +1,10 @@
+rules:
+- id: find-sprintf
+  languages:
+    - go
+  message: Found fmt.Sprintf usage
+  pattern-either:
+    - pattern: fmt.Sprintf("%d", $VAR)
+    - pattern: fmt.Sprintf("%f", $VAR)
+    - pattern: fmt.Sprintf("%t", $VAR)
+  severity: ERROR