MCPcopy Index your code
hub / github.com/elttam/semgrep-rules

github.com/elttam/semgrep-rules @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
377 symbols 483 edges 60 files 51 documented · 14%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

elttam's semgrep-rules

powered by semgrep r2c community slack

Welcome to elttam's public semgrep rules repository.

semgrep rules

We regularly develop rules during our code-assisted security audits and software security research. We will be frequently adding new rules and improving what's here for the semgrep community. We hope product security engineers and code auditors who use semgrep find these useful!

If you find any bugs, please raise a GitHub issue.

Getting started

This guide assumes you are familiar with Semgrep and have it already installed.

This repo has split the rules into two broard categories:

  1. rules/ -- Rules useful for developers or AppSec teams, these are generally vulnerabilities.
  2. rules-audit/ -- Rules useful for source code auditing, identifying intersting behaviour, and enumerating entrypoints, to augment manual source code review.

Test out this repo with the following command:

git clone https://github.com/elttam/semgrep-rules.git

To test out the rules, run:

semgrep --config semgrep-rules/rules semgrep-rules/rules/

To test out the audit focused rules, run:

semgrep --config semgrep-rules/rules-audit semgrep-rules/rules-audit/

Rules

These rules are focused on identifying vulnerabiltiies or other weaknesses.

Rule Path Language Technology Description
generic/jsp-likely-xss Generic JSP Detect XSS with unsafe rendering in template
go/lang/security/audit/executable-symlink Go Potential symlink takeover with os.Executable
go/lang/security/audit/sprintf-plain-string Go Sprintf unescaped control characters
go/lang/security/audit/uintptr-nonatomic Go Non-atomic use of converted uintptr
java/lang/security/audit/crypto/gcm-static-iv Java Find GCM using same values for key and IV
java/lang/security/audit/crypto/randomstringutils Java Apache Commons Find RandomStringUtils using default java.util.Random, which is not suiatble for security
java/spring/security/audit/remoting/ Java Spring Find use of Spring Remoting
php/php-filter-chain-read-from-oracle PHP Detect possible PHP filter chain error based oracle
yaml/github-actions/security/save-state YAML Github-Actions Find use of unsafe and deprecated ::save-state
yaml/github-actions/security/set-output YAML Github-Actions Find use of unsafe and deprecated ::set-output
yaml/kubernetes/audit/network-policy-ingress-any YAML Kubernetes Find container specs with NetworkPolicy with Ingress Permit ANY
yaml/kubernetes/audit/privileged-container YAML Kubernetes Find container specs with security context privileged
yaml/kubernetes/security/allow-privileged-escalation YAML Kubernetes Find container specs, including init containers, allowing privilege escalation (allowPrivilegeEscalation)
yaml/kubernetes/security/no-security-context YAML Kubernetes Find containers specs, with no security context, considers pod or container security context.
yaml/kubernetes/security/run-as-non-root YAML Kubernetes Find container specs, allowing running as root (missing runAsNonRoot), considers pod and container security context PR
yaml/kubernetes/security/run-as-non-root-unsafe-value YAML Kubernetes Find container specs, explicitly allowing running as root (runAsNonRoot: false), considers pod and container secuirity context PR

Audit Focused Rules

These rules are useful for aiding manual source code review by identifying interesting behaviour or enumerating entrypoints.

Rule Path Language Technology Description
c/lang/security/audit/exec C Find execution of processes
csharp/dotnet/security/audit/entrypoints/apsnet-controller C# ASP.NET Find ASP.NET REST entrypoints
java/jackson/polymorphic-typing Java Jackson Find polymorphic typing to aid in finding vulnerable Jackson deserialisation issues.
java/jackson/type-resolver-override Java Jackson Find polymorphic typing using TypeResolveBuilder
java/jax-rs/security/audit/entrypoints/ Java JAX-RS Find JAX-RS REST entrypoints
java/lang/security/audit/processbuilder Java Find execution of processes with ProcessBuilder
java/spring/security/audit/entrypoints/ Java Spring Find Spring REST entrypoints
java/struts2/security/audit/devmode/ Java Struts2 Find the use of devMode
java/struts2/security/audit/dmi/ Java Struts2 Find the use of Dynamic Method Invocation
java/struts2/security/audit/entrypoints/ Java Struts2 Find Struts2 REST entrypoints
java/xstream/security/audit/fromxml Java XStream Find use of XStream.fromXML(...)
kotlin/spark/security/audit/entrypoints/ Kotlin Spark Find Spark REST entrypoints
python/flask/security/audit/entrypoints/ Python Flask Find Flask REST entrypoints

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

sformat
called by 4
rules/go/lang/security/audit/sprintf-plain-string.go
qformat
called by 4
rules/go/lang/security/audit/sprintf-plain-string.go
put
called by 4
rules-audit/java/spring/security/audit/entrypoints/putmapping.java
status
called by 4
rules-audit/java/spring/security/audit/entrypoints/getmapping.java
init
called by 3
rules-audit/java/spring/security/audit/entrypoints/restcontroller.java
printFile
called by 2
rules/go/lang/security/audit/executable-symlink.go
transform
called by 2
rules/java/lang/security/audit/crypto/gcm-static-iv.java
transform
called by 2
rules/java/lang/security/audit/crypto/gcm-static-iv.java

Shape

Method 196
Class 85
Function 80
Struct 9
Route 4
Enum 1
Interface 1
TypeAlias 1

Languages

Java67%
Go19%
Python6%
C4%
C#3%
TypeScript1%

Modules by API surface

rules-audit/java/jax-rs/security/audit/entrypoints/path-class-method.java24 symbols
rules-audit/java/spring/security/audit/entrypoints/restcontroller.java16 symbols
rules/java/lang/security/audit/crypto/gcm-static-iv.java15 symbols
rules-audit/python/orm-leak/django-orm.py14 symbols
rules-audit/java/jax-rs/security/audit/entrypoints/path-class.java13 symbols
rules-audit/java/spring/security/audit/entrypoints/responsebody.java12 symbols
rules-audit/java/spring/security/audit/entrypoints/postmapping.java12 symbols
rules-audit/java/spring/security/audit/entrypoints/getmapping.java12 symbols
rules-audit/java/jax-rs/security/audit/entrypoints/provider.java12 symbols
rules-audit/java/jax-rs/security/audit/entrypoints/path-class-string.java12 symbols
rules-audit/java/jax-rs/security/audit/entrypoints/path-class-method-string.java12 symbols
rules-audit/java/jax-rs/security/audit/entrypoints/method-path.java12 symbols

For agents

$ claude mcp add semgrep-rules \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact