pixivfe/semgrep.yml

# Usage: semgrep scan -f semgrep.yml
rules:
- id: rule-0
  message: "find http requests made not with *fiber.Ctx available"
  languages: [go]
  severity: WARNING
  patterns:
  - pattern-either:
    - pattern: |
        http.UnwrapWebAPIRequest(...)
    - pattern: |
        http.WebAPIRequest(...)
  - pattern-not-inside: |
      func $FUNC(c *fiber.Ctx, ...) $RET {
        ...
      }
- id: rule-1
  message: "find http requests made (limiter should be installed at all places)"
  languages: [go]
  # severity: INFO
  severity: INVENTORY
  patterns:
  - pattern-either:
    - pattern: |
        http.UnwrapWebAPIRequest(...)
    - pattern: |
        http.WebAPIRequest(...)
- id: rule-2
  message: "gjson.Get without gjson.Valid"
  languages: [go]
  severity: ERROR
  patterns:
  # - pattern-inside: |
  #     func $FUNC(...) $RET {
  #       ...
  #     }
  - pattern: |
      gjson.Get($X, ...)
  - pattern-not-inside: |
      if !gjson.Valid($X) {
        $...DISCARD
      }
      ...