7 releases
| 0.1.7 | Nov 1, 2024 |
|---|---|
| 0.1.5 | Nov 1, 2024 |
| 0.1.4 | Oct 31, 2024 |
#926 in Text processing
582 downloads per month
Used in parascope
28KB
831 lines
weggli-ruleset
This is a utility crate to help manage weggli patterns. To do so, it provides a yaml-based rule format that allows different (related) patterns to be grouped along with metadata useful for categorising and triaging matches. For example, we can encode the patterns from here, as follows:
id: call-to-unbounded-copy-functions
description: call to unbounded copy functions
severity: medium
tags:
- CWE-120
- CWE-242
- CWE-676
check-patterns:
- name: gets
regex: func=^gets$
pattern: |
{ $func(); }
- name: st(r|p)(cpy|cat)
regex: func=st(r|p)(cpy|cat)$
pattern: |
{ $func(); }
- name: wc(r|p)(cpy|cat)
regex: func=wc(r|p)(cpy|cat)$
pattern: |
{ $func(); }
- name: sprintf
regex: func=sprintf$
pattern: |
{ $func(); }
- name: scanf
regex: func=scanf$
pattern: |
{ $func(); }
Usage
use std::fs;
use weggli_ruleset::RuleMatcher;
let mut matcher = RuleMatcher::from_directory("rules")?;
let source = fs::read_to_string("tests/test.c")?;
let matches = matcher.matches(source)?;
Dependencies
~20–33MB
~639K SLoC