semgrep.yml
# See pfff/semgrep.yml for more information.
# Put semgrep-specific rules here. More general OCaml or Python rules should
# go in the semgrep-rules repository under ocaml/ or python/.
rules:
  # Guards the integrity of stdout: per the message below, stdout carries the
  # JSON result consumed by the semgrep Python wrapper, so stray output can
  # break or confuse the consumer.
  # NOTE(review): `pr` is presumably the project's print-to-stdout helper;
  # confirm against its definition.
  - id: no-print-in-semgrep
    patterns:
      # Single alternative today; further print-like calls can be appended
      # under pattern-either.
      - pattern-either:
          - pattern: pr ...
      # Exemption: prints guarded by the debug flag. In OCaml `!` is the
      # dereference operator, not negation, so this is the debug-enabled
      # branch.
      - pattern-not-inside: |
          if !Flag.debug
          then ...
      # Exemption: any `let` binding that carries the [@@action] attribute.
      - pattern-not-inside: |
          let $F ... =
          ...
          [@@action]
    message: you should not print anything on stdout as it may interfere with
      the JSON output we must return to the semgrep python wrapper.
    languages: [ocaml]
    severity: ERROR
    paths:
      # Files matching these globs are not checked by this rule, so a print
      # added there is never reported.
      # NOTE(review): confirm none of these paths writes to the stdout stream
      # that the wrapper parses.
      exclude:
        - cli/*.ml
        - scripts/*
        - Test.ml
        - Matching_report.ml
        - Unit_*.ml
        - Test_*.ml
        - runner/*.ml
        - experiments/*
        - Check_*.ml
  # Forces regex calls through the SPcre wrappers, which (per the message)
  # set some flags and handle exceptions that a direct Pcre call would not.
  - id: not-using-our-pcre-wrappers
    patterns:
      # Only the five names listed here are matched.
      # NOTE(review): other Pcre entry points are not covered; confirm whether
      # that is intended or whether they also need an SPcre equivalent.
      - pattern-either:
          - pattern: Pcre.regexp
          - pattern: Pcre.pmatch
          - pattern: Pcre.exec
          - pattern: Pcre.exec_all
          - pattern: Pcre.split
    message: >-
      You should use one of the equivalent functions in SPcre, which
      automatically sets some flags and handles exceptions.
    languages: [ocaml]
    severity: ERROR
    paths:
      # Presumably excluded because the wrapper module itself has to call
      # Pcre directly.
      exclude:
        - SPcre.ml
# not ready yet
# - id: no-exit-in-semgrep
# pattern: |
# exit $X
# message: do not use directly exit. raise instead UnixExit $X
# languages: [ocaml]
# severity: ERROR