Scan a code base with semgrep from scratch.
#!/bin/bash
# Assume that PYTHON3 and GIT are installed
# and available for the user executing the script
# https://semgrep.dev/docs/cli-reference
#
# Installs semgrep into a throw-away virtual environment, clones the upstream
# semgrep-rules repository and runs one of its rule folders against the code
# base (presumably the current working directory, as no target is passed to
# 'semgrep scan' below). Findings are written as JSON to SEMGREP_FINDINGS_FILE.
#
# NOTE(review): the two /tmp locations below are fixed, world-visible paths.
# On a multi-user host another local account could pre-create them, and
# initialize() reuses PYENV_HOME when it already exists; prefer a per-user
# directory if the script runs on a shared machine.
PYENV_HOME="/tmp/pyenv"                          # venv hosting semgrep and helpers
SEMGREP_RULES_HOME="/tmp/semgrep-rules"          # shallow clone of semgrep/semgrep-rules
SEMGREP_RULES_FOLDER="python"                    # sub-folder of the rules repo to load
SEMGREP_FINDINGS_FILE="semgrep-findings.json"    # JSON report, relative to the CWD
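#######################################
# Create (once) and activate the Python virtual environment, then remove the
# leftovers of a previous run.
# Globals:   PYENV_HOME (read), SEMGREP_RULES_HOME (read),
#            SEMGREP_FINDINGS_FILE (read)
# Outputs:   diagnostics to stderr on failure
# Returns:   exits the script with status 1 when the venv cannot be
#            created or activated
#######################################
function initialize(){
  if [ ! -d "$PYENV_HOME" ]; then
    python -m venv "$PYENV_HOME" || {
      printf 'Cannot create the virtual environment in %s\n' "$PYENV_HOME" >&2
      exit 1
    }
    # NOTE(review): 'python -m venv' already marks bin/* executable; this
    # recursive chmod also touches every library file and could likely be
    # dropped — kept to preserve the original behaviour.
    chmod -R +x "$PYENV_HOME"
  elif [ ! -O "$PYENV_HOME" ]; then
    # PYENV_HOME lives under /tmp: refuse to source an activate script from a
    # pre-existing directory that belongs to another local user.
    printf '%s exists but is not owned by the current user, refusing to use it\n' "$PYENV_HOME" >&2
    exit 1
  fi
  # If activation fails, the pip installs in install_tools() would land in the
  # interpreter found on PATH instead of the venv, so stop here.
  # shellcheck disable=SC1091
  source "$PYENV_HOME/bin/activate" || {
    printf 'Cannot activate the virtual environment in %s\n' "$PYENV_HOME" >&2
    exit 1
  }
  # ':?' refuses to run the recursive delete when the variable is unset/empty.
  rm -rf -- "${SEMGREP_RULES_HOME:?}" 2>/dev/null
  rm -f -- "$SEMGREP_FINDINGS_FILE" 2>/dev/null
}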
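#######################################
# Remove the temporary rule files and the cloned rules repository.
# Globals:   SEMGREP_RULES_HOME (read)
# Returns:   0 (failures of the removals are silenced)
#######################################
function finalize(){
  # No line in this script writes /tmp/semgrep-*.rules; presumably they are
  # produced by semgrep itself — TODO confirm and narrow the pattern.
  rm -f -- /tmp/semgrep-*.rules 2>/dev/null
  # ':?' refuses to run the recursive delete when the variable is unset/empty.
  rm -rf -- "${SEMGREP_RULES_HOME:?}" 2>/dev/null
}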
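#######################################
# Install semgrep and helper packages into the active venv and fetch the
# upstream rule set.
# Globals:   SEMGREP_RULES_HOME (read)
# Outputs:   diagnostics to stderr on failure
# Returns:   exits the script with status 1 when the rules cannot be cloned
#######################################
function install_tools(){
  python -m pip install --quiet --upgrade pip
  # NOTE(review): package versions are unpinned, so every run pulls whatever is
  # current on PyPI; pin them (or use a hash-checked requirements file) for a
  # reproducible, reviewable tool install.
  python -m pip install --quiet wheel semgrep pipreqs tabulate colorama termcolor
  # --depth 1 fetches the current tip of the rules repository, so the loaded
  # rule set drifts over time unless a tag or commit is checked out.
  git clone --quiet --depth 1 https://github.com/semgrep/semgrep-rules.git "$SEMGREP_RULES_HOME" || {
    printf 'Cannot clone the semgrep rules repository into %s\n' "$SEMGREP_RULES_HOME" >&2
    exit 1
  }
}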
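# --- Main ----------------------------------------------------------------
echo "┌────────────────┐"
echo "│ Install │"
echo "└────────────────┘"
initialize
install_tools
echo "Done."
echo -n "Semgrep version installed: "
semgrep --version
echo "┌────────────────┐"
echo "│ Initialization │"
echo "└────────────────┘"
rules_folder="$SEMGREP_RULES_HOME/$SEMGREP_RULES_FOLDER"
# Fail early with a clear message instead of letting semgrep error out on a
# missing --config path (e.g. a typo in SEMGREP_RULES_FOLDER).
if [ ! -d "$rules_folder" ]; then
  printf "Rules folder '%s' does not exist\n" "$rules_folder" >&2
  finalize
  exit 1
fi
# Count regular files only: a bare 'find' also counted the folder itself and
# every sub-directory, so the reported number was too high.
rules_count=$(find "$rules_folder" -type f | wc -l)
echo "Loading recursively all rules contained in folder '$rules_folder' ($rules_count files)..."
rm -f -- "$SEMGREP_FINDINGS_FILE" 2>/dev/null
semgrep scan --no-git-ignore --force-color --text --metrics=off --disable-version-check --oss-only --json-output="$SEMGREP_FINDINGS_FILE" --config="$rules_folder" --novcs --strict
# Keep semgrep's own exit status so a caller (e.g. CI) can act on it after the
# cleanup below has run.
scan_status=$?
echo ""
echo "=> Use the following script against the file '$SEMGREP_FINDINGS_FILE' in case of need of an overview report:"
echo "https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-semgrep.py"
finalize
exit "$scan_status"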