{"id":17977036,"url":"https://github.com/0xdea/semgrep-rules","last_synced_at":"2025-04-04T10:08:58.126Z","repository":{"id":40616955,"uuid":"470501887","full_name":"0xdea/semgrep-rules","owner":"0xdea","description":"A collection of my Semgrep rules to facilitate vulnerability research.","archived":false,"fork":false,"pushed_at":"2024-07-09T19:39:00.000Z","size":488,"stargazers_count":616,"open_issues_count":4,"forks_count":66,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-03-28T09:07:26.299Z","etag":null,"topics":["code-review","semgrep","semgrep-rules","static-analysis","vulnerability-research"],"latest_commit_sha":null,"homepage":"https://semgrep.dev","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xdea.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-16T08:54:00.000Z","updated_at":"2025-03-27T11:45:01.000Z","dependencies_parsed_at":"2023-10-11T16:11:49.809Z","dependency_job_id":"c0d3c098-743f-408d-9c31-74a11a1809ec","html_url":"https://github.com/0xdea/semgrep-rules","commit_stats":{"total_commits":448,"total_committers":3,"mean_commits":"149.33333333333334","dds":0.004464285714285698,"last_synced_commit":"1e167a89741f2e61c791b381afe72414fb11beb5"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fsemgrep-rules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fsemgrep-rules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
repositories/0xdea%2Fsemgrep-rules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fsemgrep-rules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xdea","download_url":"https://codeload.github.com/0xdea/semgrep-rules/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247157283,"owners_count":20893220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-review","semgrep","semgrep-rules","static-analysis","vulnerability-research"],"created_at":"2024-10-29T17:26:06.172Z","updated_at":"2025-04-04T10:08:58.099Z","avatar_url":"https://github.com/0xdea.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"# semgrep-rules\n[![](https://img.shields.io/github/stars/0xdea/semgrep-rules.svg?style=flat\u0026color=yellow)](https://github.com/0xdea/semgrep-rules)\n[![](https://img.shields.io/github/forks/0xdea/semgrep-rules.svg?style=flat\u0026color=green)](https://github.com/0xdea/semgrep-rules)\n[![](https://img.shields.io/github/watchers/0xdea/semgrep-rules.svg?style=flat\u0026color=red)](https://github.com/0xdea/semgrep-rules)\n[![](https://img.shields.io/badge/twitter-%400xdea-blue.svg)](https://twitter.com/0xdea)\n[![](https://img.shields.io/badge/mastodon-%40raptor-purple.svg)](https://infosec.exchange/@raptor)\n\n\u003e \"The attack surface is the vulnerability. 
Finding a bug there is just a detail.\"\n\u003e \n\u003e -- Mark Dowd\n\n\u003e \"Some details are more important than others.\"\n\u003e \n\u003e -- Fedor G. Pikus\n\nA collection of my Semgrep rules to facilitate vulnerability research.\n\nBlog posts:  \nhttps://security.humanativaspa.it/semgrep-ruleset-for-c-c-vulnerability-research  \nhttps://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/  \nhttps://security.humanativaspa.it/big-update-to-my-semgrep-c-cpp-ruleset\n\nSee also:  \nhttps://semgrep.dev/r\n\n[![Program in C](https://img.youtube.com/vi/tas0O586t80/sddefault.jpg)](https://www.youtube.com/embed/tas0O586t80)\n\n## Setup and usage instructions\n\n1. Install [Semgrep](https://semgrep.dev/docs/getting-started/).\n2. Clone this GitHub repo.\n3. To use these rules, run:\n\n```sh\n# high priority scan\n$ semgrep --severity ERROR --config PATH/TO/RULES PATH/TO/SOURCE\n# high and medium priority scan\n$ semgrep --severity ERROR --severity WARNING --config PATH/TO/RULES PATH/TO/SOURCE\n# full scan\n$ semgrep --config PATH/TO/RULES PATH/TO/SOURCE\n```\n\nFor a more streamlined experience, I recommend saving Semgrep scan output in [SARIF](https://sarifweb.azurewebsites.net/) format and using [SARIF Viewer](https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer) in [VS Code](https://code.visualstudio.com/).\n\n## C/C++\n\n### buffer overflows\n* [**insecure-api-gets**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-gets.yaml). Use of the insecure API function gets().\n* [**insecure-api-strcpy-stpcpy-strcat**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-strcpy-stpcpy-strcat.yaml). Use of potentially insecure API functions strcpy(), stpcpy(), strcat().\n* [**insecure-api-sprintf-vsprintf**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-sprintf-vsprintf.yaml). 
Use of potentially insecure API functions sprintf() and vsprintf().\n* [**insecure-api-scanf-etc**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-scanf-etc.yaml). Use of potentially insecure API functions in the scanf() family.\n* [**incorrect-use-of-strncat**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-use-of-strncat.yaml). Wrong size argument passed to strncat().\n* [**incorrect-use-of-strncpy-stpncpy-strlcpy**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-use-of-strncpy-stpncpy-strlcpy.yaml). Wrong size argument passed to strncpy(), stpncpy(), strlcpy().\n* [**incorrect-use-of-sizeof**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-use-of-sizeof.yaml). Accidental use of the sizeof() operator on a pointer instead of its target.\n* [**unterminated-string-strncpy-stpncpy**](https://github.com/0xdea/semgrep-rules/blob/main/c/unterminated-string-strncpy-stpncpy.yaml). Lack of explicit NUL-termination after strncpy() and stpncpy().\n* [**off-by-one**](https://github.com/0xdea/semgrep-rules/blob/main/c/off-by-one.yaml). Potential off-by-one error.\n* [**pointer-subtraction**](https://github.com/0xdea/semgrep-rules/blob/main/c/pointer-subtraction.yaml). Potential use of pointer subtraction to determine size.\n* [**unsafe-ret-snprintf-vsnprintf**](https://github.com/0xdea/semgrep-rules/blob/main/c/unsafe-ret-snprintf-vsnprintf.yaml). Potentially unsafe use of the return value of snprintf() and vsnprintf().\n* [**unsafe-ret-strlcpy-strlcat**](https://github.com/0xdea/semgrep-rules/blob/main/c/unsafe-ret-strlcpy-strlcat.yaml). Potentially unsafe use of the return value of strlcpy() and strlcat().\n* [**write-into-stack-buffer**](https://github.com/0xdea/semgrep-rules/blob/main/c/write-into-stack-buffer.yaml). Direct write into buffer allocated on the stack.\n\n### integer overflows\n* [**incorrect-unsigned-comparison**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-unsigned-comparison.yaml). 
Checking if an unsigned variable is negative.\n* [**signed-unsigned-conversion**](https://github.com/0xdea/semgrep-rules/blob/main/c/signed-unsigned-conversion.yaml). Potential signed/unsigned conversion errors.\n* [**integer-truncation**](https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml). Potential integer truncation errors.\n* [**unsafe-strlen**](https://github.com/0xdea/semgrep-rules/blob/main/c/unsafe-strlen.yaml). Casting the return value of strlen() to short might be dangerous.\n* [**integer-wraparound**](https://github.com/0xdea/semgrep-rules/blob/main/c/integer-wraparound.yaml). Potential integer wraparound errors.\n\n### format strings\n* [**format-string-bugs**](https://github.com/0xdea/semgrep-rules/blob/main/c/format-string-bugs.yaml). Potential format string bugs.\n\n### memory management\n* [**insecure-api-alloca**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-alloca.yaml). Use of the potentially insecure API function alloca().\n* [**use-after-free**](https://github.com/0xdea/semgrep-rules/blob/main/c/use-after-free.yaml). Potential use after free().\n* [**double-free**](https://github.com/0xdea/semgrep-rules/blob/main/c/double-free.yaml). Potential double free().\n* [**incorrect-use-of-free**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-use-of-free.yaml). Calling free() on memory not in the heap.\n* [**unchecked-ret-malloc-calloc-realloc**](https://github.com/0xdea/semgrep-rules/blob/main/c/unchecked-ret-malloc-calloc-realloc.yaml). Unchecked return code of malloc(), calloc(), realloc().\n* [**ret-stack-address**](https://github.com/0xdea/semgrep-rules/blob/main/c/ret-stack-address.yaml). Potential return of the address of a stack-allocated variable.\n* [**putenv-stack-var**](https://github.com/0xdea/semgrep-rules/blob/main/c/putenv-stack-var.yaml). 
Call to putenv() with a stack-allocated variable.\n* [**memory-address-exposure**](https://github.com/0xdea/semgrep-rules/blob/main/c/memory-address-exposure.yaml). Potential exposure of underlying memory addresses.\n* [**mismatched-memory-management**](https://github.com/0xdea/semgrep-rules/blob/main/c/mismatched-memory-management.yaml). Potentially mismatched C memory management routines.\n* [**mismatched-memory-management-cpp**](https://github.com/0xdea/semgrep-rules/blob/main/c/mismatched-memory-management-cpp.yaml). Potentially mismatched C++ memory management routines.\n\n### command injection\n* [**command-injection**](https://github.com/0xdea/semgrep-rules/blob/main/c/command-injection.yaml). Potential OS command injection via system() or popen().\n\n### race conditions\n* [**insecure-api-access-stat-lstat**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-access-stat-lstat.yaml). Use of insecure API functions access(), stat(), lstat().\n* [**insecure-api-mktemp-tmpnam-tempnam**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-mktemp-tmpnam-tempnam.yaml). Use of insecure API functions mktemp(), tmpnam(), tempnam().\n* [**insecure-api-signal**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-signal.yaml). Use of insecure API function signal().\n\n### privilege management\n* [**incorrect-order-setuid-setgid-etc**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-order-setuid-setgid-etc.yaml). Privilege management functions called in the wrong order.\n* [**unchecked-ret-setuid-seteuid**](https://github.com/0xdea/semgrep-rules/blob/main/c/unchecked-ret-setuid-seteuid.yaml). Unchecked return code of setuid() and seteuid().\n\n### miscellaneous\n* [**incorrect-use-of-memset**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-use-of-memset.yaml). 
Wrong order of arguments to memset().\n* [**insecure-api-rand-srand**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-rand-srand.yaml). Use of potentially insecure API functions rand() and srand().\n* [**incorrect-use-of-sprintf-snprintf**](https://github.com/0xdea/semgrep-rules/blob/main/c/incorrect-use-of-sprintf-snprintf.yaml). Source and destination overlap in sprintf() and snprintf().\n* [**suspicious-assert**](https://github.com/0xdea/semgrep-rules/blob/main/c/suspicious-assert.yaml). Potentially invalid size check due to use of assertion macros.\n* [**interesting-api-calls**](https://github.com/0xdea/semgrep-rules/blob/main/c/interesting-api-calls.yaml). Calls to interesting and potentially insecure API functions.\n* [**unchecked-ret-scanf-etc**](https://github.com/0xdea/semgrep-rules/blob/main/c/unchecked-ret-scanf-etc.yaml). Unchecked return code of functions in the scanf() family.\n* [**insecure-api-atoi-atol-atof**](https://github.com/0xdea/semgrep-rules/blob/main/c/insecure-api-atoi-atol-atof.yaml). Use of potentially insecure API functions atoi(), atol(), atof().\n* [**argv-envp-access**](https://github.com/0xdea/semgrep-rules/blob/main/c/argv-envp-access.yaml). Command-line argument or environment variable access.\n* [**missing-default-in-switch**](https://github.com/0xdea/semgrep-rules/blob/main/c/missing-default-in-switch.yaml). Missing default case in a switch statement.\n* [**missing-break-in-switch**](https://github.com/0xdea/semgrep-rules/blob/main/c/missing-break-in-switch.yaml). Missing break or equivalent in a switch statement.\n* [**missing-return**](https://github.com/0xdea/semgrep-rules/blob/main/c/missing-return.yaml). Missing return statement in non-void function.\n* [**typos**](https://github.com/0xdea/semgrep-rules/blob/main/c/typos.yaml). Potential typos with security implications.\n\n## Generic\n\n### miscellaneous\n* [**bad-words**](https://github.com/0xdea/semgrep-rules/blob/main/generic/bad-words.yaml). 
Keywords and comments that suggest the presence of bugs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdea%2Fsemgrep-rules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xdea%2Fsemgrep-rules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdea%2Fsemgrep-rules/lists"}