"The attack surface is the vulnerability. Finding a bug there is just a detail."
-- Mark Dowd
"Some details are more important than others."
-- Fedor G. Pikus
A collection of my Semgrep rules to facilitate vulnerability research.
Blog posts:
https://security.humanativaspa.it/semgrep-ruleset-for-c-c-vulnerability-research
https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/
https://security.humanativaspa.it/big-update-to-my-semgrep-c-cpp-ruleset
See also:
https://semgrep.dev/r
# high priority scan
$ semgrep --severity ERROR --config PATH/TO/RULES PATH/TO/SOURCE
# high and medium priority scan
$ semgrep --severity ERROR --severity WARNING --config PATH/TO/RULES PATH/TO/SOURCE
# full scan
$ semgrep --config PATH/TO/RULES PATH/TO/SOURCE
For a more streamlined experience, I recommend saving the semgrep scan output in SARIF format and using SARIF Viewer in VS Code.
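An added example (not part of this repository): a small Python script that summarizes a SARIF file, such as one written with `semgrep --sarif --output results.sarif --config PATH/TO/RULES PATH/TO/SOURCE`, per rule and level so that high-priority findings are listed first. It assumes Semgrep's ERROR/WARNING/INFO severities appear as the SARIF levels error/warning/note; the rule ids and paths in the sample log are constructed.

```python
import json
from collections import Counter
LEVEL_ORDER = {"error": 0, "warning": 1, "note": 2, "none": 3}

def effective_level(result, rules):
    """Explicit result level, else the rule's default level, else SARIF's default 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def first_location(result):
    """'uri:line' of the first recorded location; '?' stands in for missing parts."""
    locs = result.get("locations") or [{}]
    phys = locs[0].get("physicalLocation", {})
    return "{}:{}".format(phys.get("artifactLocation", {}).get("uri", "?"),
                          phys.get("region", {}).get("startLine", "?"))

def triage(sarif_text):
    """Return [(level, rule_id, count, first_hit)], errors first, then by count."""
    counts, first = Counter(), {}
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            key = (effective_level(res, rules), res.get("ruleId", "?"))
            counts[key] += 1
            first.setdefault(key, first_location(res))
    rows = [(lvl, rid, n, first[(lvl, rid)]) for (lvl, rid), n in counts.items()]
    return sorted(rows, key=lambda r: (LEVEL_ORDER.get(r[0], 9), -r[2], r[1]))

def _hit(rule, uri, line, **extra):  # builds one constructed result object
    loc = {"physicalLocation": {"artifactLocation": {"uri": uri}, "region": {"startLine": line}}}
    return {"ruleId": rule, "locations": [loc], **extra}

# Constructed sample log: rule ids and paths are invented for this example.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "Semgrep", "rules": [
        {"id": "demo.unsafe-copy", "defaultConfiguration": {"level": "error"}},
        {"id": "demo.unchecked-ret", "defaultConfiguration": {"level": "warning"}},
        {"id": "demo.no-default"}]}},
    "results": [_hit("demo.unchecked-ret", "src/io.c", 42),
                _hit("demo.unsafe-copy", "src/parse.c", 10),
                _hit("demo.unsafe-copy", "src/parse.c", 88),
                _hit("demo.no-default", "src/util.c", 7),
                _hit("demo.unchecked-ret", "src/net.c", 5, level="note")]}]})

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

To use it on a real scan, pass the contents of the saved SARIF file to `triage()` instead of `SAMPLE`.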