#pattern #ruleset #regex #weggli #rule #severity #tags

weggli-ruleset

Ruleset managment/matching/reporting for weggli patterns

7 releases

0.1.7 Nov 1, 2024
0.1.5 Nov 1, 2024
0.1.4 Oct 31, 2024

#1256 in Text processing

21 downloads per month
Used in parascope

MIT license

28KB
831 lines

weggli-ruleset

This is a utility crate to help manage weggli patterns. To do so, it provides a yaml-based rule format that allows different (related) patterns to be grouped along with metadata useful for categorising and triaging matches. For example, we can encode the patterns from here, as follows:

id: call-to-unbounded-copy-functions
description: call to unbounded copy functions
severity: medium
tags:
- CWE-120
- CWE-242
- CWE-676
check-patterns:
- name: gets
  regex: func=^gets$
  pattern: |
    { $func(); }
- name: st(r|p)(cpy|cat)
  regex: func=st(r|p)(cpy|cat)$
  pattern: |
    { $func(); }
- name: wc(r|p)(cpy|cat)
  regex: func=wc(r|p)(cpy|cat)$
  pattern: |
    { $func(); }
- name: sprintf
  regex: func=sprintf$
  pattern: |
    { $func(); }
- name: scanf
  regex: func=scanf$
  pattern: |
    { $func(); }

Usage

use std::fs;
use weggli_ruleset::RuleMatcher;

let mut matcher = RuleMatcher::from_directory("rules")?;
let source = fs::read_to_string("tests/test.c")?;

let matches = matcher.matches(source)?;

Dependencies

~20–29MB
~630K SLoC