7 releases
| 0.1.7 | Nov 1, 2024 |
|---|---|
| 0.1.5 | Nov 1, 2024 |
| 0.1.4 | Oct 31, 2024 |
#859 in Text processing
570 downloads per month
28KB
831 lines
weggli-ruleset
This is a utility crate to help manage weggli patterns. To do so, it provides a yaml-based rule format that allows different (related) patterns to be grouped along with metadata useful for categorising and triaging matches. For example, we can encode the patterns from here, as follows:
id: call-to-unbounded-copy-functions
description: call to unbounded copy functions
severity: medium
tags:
- CWE-120
- CWE-242
- CWE-676
check-patterns:
- name: gets
regex: func=^gets$
pattern: |
{ $func(); }
- name: st(r|p)(cpy|cat)
regex: func=st(r|p)(cpy|cat)$
pattern: |
{ $func(); }
- name: wc(r|p)(cpy|cat)
regex: func=wc(r|p)(cpy|cat)$
pattern: |
{ $func(); }
- name: sprintf
regex: func=sprintf$
pattern: |
{ $func(); }
- name: scanf
regex: func=scanf$
pattern: |
{ $func(); }
Usage
use std::fs;
use weggli_ruleset::RuleMatcher;
let mut matcher = RuleMatcher::from_directory("rules")?;
let source = fs::read_to_string("tests/test.c")?;
let matches = matcher.matches(source)?;
Dependencies
~20–33MB
~637K SLoC