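This project collects and organizes Semgrep-related material, including Semgrep's design principles and implementation, and case studies of vulnerability discovery using Semgrep. Semgrep's semantics-based approach to code analysis will be a sharp sword in the SAST field, and fast scanning with no compilation required is a further advantage. Author: 0e0w
This project was created on March 17, 2022; the most recent update was on July 20, 2022.
This chapter collects Semgrep-related resources. The quality of the articles varies, so studying the official resources in depth is recommended!
1. Official resources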
- https://semgrep.dev/docs
- https://semgrep.dev/learn
- https://github.com/returntocorp/semgrep
- https://github.com/returntocorp/semgrep-rules
- https://github.com/returntocorp/semgrep-docs
- https://github.com/returntocorp/semgrep-action
2. Recommended resources
3. Video resources
4. Academic publications
5. Other resources
- https://xz.aliyun.com/t/9531
- https://xz.aliyun.com/t/12696
- https://www.anquanke.com/post/id/240028
- https://zhuanlan.zhihu.com/p/377651159
- https://zhuanlan.zhihu.com/p/387246394
- https://www.freebuf.com/articles/web/286643.html
- https://github.com/trailofbits/semgrep-rules
- https://github.com/returntocorp/ocaml-tree-sitter-semgrep
- https://github.com/returntocorp/semgrep-vscode
- https://github.com/frappe/semgrep-rules
- https://github.com/semgrep/rules-owasp-asvs
- https://github.com/jtmelton/semgrep-idea-plugin
- https://github.com/dgryski/semgrep-go
- https://github.com/vmnguyen/semgrep-rules
- https://github.com/returntocorp/semgrepl
- https://github.com/returntocorp/semgrep-c-sharp
- https://github.com/returntocorp/semgrep-grammars
- https://github.com/srijan-deepsource/django-antipatterns
- https://github.com/quasilyte/go-ruleguard
- https://github.com/returntocorp/semgrep-rust
- https://github.com/returntocorp/semgrep-rules-test-action
- https://github.com/returntocorp/semgrep.vim
- https://github.com/kondukto-io/semgrep-rules
- https://github.com/semgrep/template-rules
- https://github.com/returntocorp/semgrep-ocaml
- https://github.com/Ayrx/semgrep_introduction
- https://github.com/g-wilson/action-semgrep
- https://github.com/ajinabraham/libsast
- https://github.com/brentjanderson/asdf-semgrep
- https://github.com/returntocorp/semgrep-hack
- https://github.com/ligurio/semgrep-rules
- https://github.com/agigleux-limited/semgrep-evaluation
- https://github.com/jrgventura7/SemgrepDemo
- https://github.com/imfht/my-semgrep-rules
- https://github.com/hsparmar1/semgrep-jdbc-demo
- https://github.com/minusworld/semgrep-library
- https://github.com/guyinatuxedo/semgrep
- https://github.com/dsocastillo/semgreptest
- https://github.com/returntocorp/semgrep-java
- https://github.com/majidmc2/SecSnake
- https://github.com/returntocorp/semgrep-go
- https://github.com/wahyuhadi/semgrep-integrator
- https://github.com/0xdea/semgrep-rules
- https://github.com/pingvin1341/semgrep-pipeline
- https://github.com/gabrielg/codeclimate-semgrep
- https://github.com/devidwfreitas/intro-to-semgrep
- https://github.com/allwin101/intro-to-semgrep
- https://github.com/007divyachawla/intro-to-semgrep
- https://github.com/MarceloSFlori/intro-to-semgrep
- https://github.com/tezamukkavilli-cpi/intro-to-semgrep
- https://github.com/ymmatheus/intro-to-semgrep
- https://github.com/phani-gadupudi/intro-to-semgrep
- https://github.com/hsparmar1/semgrep-java-owasp
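This chapter introduces the basic usage of Semgrep, along with its design approach and implementation principles!
1. Installing Semgrep
2. Using Semgrep
This chapter introduces the syntax rules of the QL language, including notable rules.
1. Basic syntax
2. Writing rules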
- Java
- C#
- Go
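3. Official rules
4. Notable rules
This chapter gives examples of Semgrep scans for different programming languages; it is still to be organized.
1. Java security analysis
2. C# security analysis
3. Golang security analysis
4. Python
5. C++ security analysis
6. Ruby
7. Semgrep tools
This chapter presents concrete Semgrep use cases, including vulnerabilities the author found using Semgrep.
1. Analysis of large applications
- Analyzing Shiro
- Analyzing Fastjson
- Analyzing Log4j
- Analyzing Dubbo
- Analyzing kylin
- Analyzing grafana
- Analyzing Hadoop
- Analyzing Struts2
2. Code audit case studies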