diff --git a/.forgejo/workflows/tests.yml b/.forgejo/workflows/tests.yml
index f66a2c40..e05ff931 100644
--- a/.forgejo/workflows/tests.yml
+++ b/.forgejo/workflows/tests.yml
@@ -20,6 +20,21 @@ jobs:
 - name: Run linters
 run: make lint
+ semgrep:
+ name: semgrep
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+
+ - name: Install semgrep
+ run: make semgrep-install
+
+ - name: Run semgrep
+ run: make semgrep
+
 tests:
 name: Tests
 runs-on: ubuntu-latest
diff --git a/Makefile b/Makefile
index 60411546..88d53a4a 100755
--- a/Makefile
+++ b/Makefile
@@ -162,6 +162,15 @@ staticcheck-install:
 staticcheck-run:
 @staticcheck ./...
+semgrep-install:
+ @python3 -m pip install --upgrade virtualenv
+ @python3 -m virtualenv venv
+ @. venv/bin/activate && pip install semgrep
+
+semgrep:
+ @. venv/bin/activate
+ @semgrep --error -f semgrep.yml . || (test $$? -eq 127 && echo "Run: make semgrep-install")
+
 # Run linters in Docker
 docker/lint:
 docker run --rm -t \
diff --git a/semgrep.yml b/semgrep.yml
new file mode 100644
index 00000000..1b15f156
--- /dev/null
+++ b/semgrep.yml
@@ -0,0 +1,10 @@
+rules:
+- id: find-sprintf
+ languages:
+ - go
+ message: Found fmt.Sprintf usage
+ pattern-either:
+ - pattern: fmt.Sprintf("%d", $VAR)
+ - pattern: fmt.Sprintf("%f", $VAR)
+ - pattern: fmt.Sprintf("%t", $VAR)
+ severity: ERROR
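Review bot: The two third-party actions in the new `semgrep` job are referenced by floating major tags (`actions/checkout@v3`, `actions/setup-python@v4`), so the job's toolchain can change underneath it with no diff in this repository. Pinning each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v3`, makes the job reproducible and auditable. The neighbouring jobs are only partly visible in this hunk; if they pin by tag as well, apply the same change there so the file stays consistent.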
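Review bot: In the new `semgrep` target, `@. venv/bin/activate` and `@semgrep ...` are separate recipe lines and make runs each in its own shell, so the activation never reaches the `semgrep` invocation; it runs whatever `semgrep` is on the caller's PATH, which after `make semgrep-install` is nothing. The `|| (test $$? -eq 127 && echo ...)` branch then turns that exit 127 into a success, so `make semgrep` and the CI job that calls it go green without any scan having run. Run both in one shell and propagate the status: `@. venv/bin/activate && semgrep --error -f semgrep.yml . || { rc=$$?; test $$rc -eq 127 && echo "Run: make semgrep-install"; exit $$rc; }`. In `semgrep-install`, `pip install semgrep` and `--upgrade virtualenv` are unpinned, so the scanner version (and therefore the findings) drifts with upstream releases; pin `semgrep==<version>` so the tool version is part of the reviewed change.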
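Review bot: The rule's `message: Found fmt.Sprintf usage` says what matched but not why it is rejected or what to write instead, which matters because `severity: ERROR` together with `--error` in the Makefile fails the build on every match. Make it actionable, e.g. `message: Use the strconv equivalent (Itoa, FormatFloat, FormatBool) instead of fmt.Sprintf for a single %d/%f/%t conversion`; if an automatic `fix:` is wanted, the three patterns would need to be separate rules since each has a different replacement. The sequence indentation is also mixed (`- id:` flush under `rules:`, `- go` and `- pattern:` indented); pick one style for the file.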