#pattern #ruleset #regex #rule #tags #severity #weggli

weggli-ruleset

Ruleset managment/matching/reporting for weggli patterns

3 releases

new 0.1.2 Oct 30, 2024
0.1.1 Oct 30, 2024
0.1.0 Oct 29, 2024

#1007 in Text processing

Download history 75/week @ 2024-10-23

77 downloads per month

MIT license

27KB
799 lines

weggli-ruleset

This is a utility crate to help manage weggli patterns. To do so, it provides a yaml-based rule format that allows different (related) patterns to be grouped along with metadata useful for categorising and triaging matches. For example, we can encode the patterns from here, as follows:

id: call-to-unbounded-copy-functions
description: call to unbounded copy functions
severity: medium
tags:
- CWE-120
- CWE-242
- CWE-676
check-patterns:
- name: gets
  regex: func=^gets$
  pattern: |
    { $func(); }
- name: st(r|p)(cpy|cat)
  regex: func=st(r|p)(cpy|cat)$
  pattern: |
    { $func(); }
- name: wc(r|p)(cpy|cat)
  regex: func=wc(r|p)(cpy|cat)$
  pattern: |
    { $func(); }
- name: sprintf
  regex: func=sprintf$
  pattern: |
    { $func(); }
- name: scanf
  regex: func=scanf$
  pattern: |
    { $func(); }

Usage

use std::fs;
use weggli_ruleset::RuleMatcher;

let mut matcher = RuleMatcher::from_directory("rules")?;
let source = fs::read_to_string("tests/test.c")?;

let matches = matcher.matches(source)?;

Dependencies

~20–32MB
~635K SLoC