def invoke_semgrep(paths, scan_rules, **kwargs):
    """Run Semgrep in-process on ``paths`` and return the parsed JSON report.

    Args:
        paths: Iterable of path objects; each one is converted with
            ``as_posix()`` before being handed to Semgrep.
        scan_rules: Passed to ``semgrep_main.main`` as ``config``.
        **kwargs: Forwarded unchanged to ``semgrep_main.main``. Options
            already set below cannot be overridden this way (Python raises
            TypeError on a duplicate keyword), but any other option the
            installed Semgrep accepts can be, so build these from trusted
            values only.

    Returns:
        The decoded JSON text that the output handler wrote to the capture
        buffer, or ``None`` on Windows, where no scan is attempted.

    Raises:
        ValueError: from ``json.loads`` if the captured text is not JSON
            (for example, if nothing was written).
    """
    # No scan is attempted on Windows; callers must handle a None result.
    if platform.system() == 'Windows':
        return None

    # Imported lazily so the module can still be loaded where Semgrep is absent.
    from semgrep import semgrep_main, util
    from semgrep.constants import OutputFormat
    from semgrep.output import OutputHandler, OutputSettings

    # cpu_count() may raise NotImplementedError where the count cannot be
    # determined; fall back to a single job.
    try:
        workers = multiprocessing.cpu_count()
    except NotImplementedError:
        workers = 1

    # Positional flags: verbose=False, quiet=True, force_color=False.
    util.set_flags(False, True, False)

    # Capture the report in memory instead of writing to the real stdout.
    captured = StringIO()
    settings = OutputSettings(
        output_format=OutputFormat.JSON,
        output_destination=None,
        error_on_findings=False,
        strict=False,
    )
    handler = OutputHandler(settings, stdout=captured)

    semgrep_main.main(
        output_handler=handler,
        target=[pt.as_posix() for pt in paths],
        jobs=workers,
        pattern=None,
        lang=None,
        config=scan_rules,
        **kwargs,
    )
    # NOTE(review): close() is skipped if main() raises; the in-memory
    # buffer is simply dropped in that case.
    handler.close()
    return json.loads(captured.getvalue())
def Scan(self, filepath):
    """Scan one file with this instance's ruleset and return the formatted result.

    A fresh in-memory capture buffer and output handler are created for
    every call and stored on the instance as ``io_capture`` and ``output``
    (presumably so ``self.format`` can read them -- confirm against that
    method).

    Args:
        filepath: The single target passed to Semgrep.

    Returns:
        Whatever ``self.format(filepath)`` returns.
    """
    capture = StringIO()
    self.io_capture = capture
    handler = OutputHandler(self.setting, stdout=capture)
    self.output = handler

    # One job, one target. timeout / timeout_threshold bound how long a scan
    # of a single file can run -- presumably the same meaning as Semgrep's
    # --timeout and --timeout-threshold CLI options; confirm for the pinned
    # Semgrep version. Keep such limits when scanning files you do not control.
    semgrep_main.main(
        output_handler=handler,
        target=[filepath],
        jobs=1,
        pattern=None,
        lang=None,
        configs=[self.ruleset],
        timeout=5,
        timeout_threshold=3,
    )
    handler.close()
    return self.format(filepath)
def invoke_semgrep(paths, scan_rules, **kwargs):
    """Run Semgrep in-process on ``paths`` and return the parsed JSON report.

    This variant configures Semgrep through ``get_state()`` and builds the
    JSON from the handler directly instead of capturing stdout.

    Args:
        paths: Iterable of path objects; each one is converted with
            ``as_posix()`` before being handed to Semgrep.
        scan_rules: Passed to ``semgrep_main.main`` as the only entry of
            ``configs``.
        **kwargs: Forwarded unchanged to ``semgrep_main.main``. Options
            already set below (including ``timeout`` and
            ``timeout_threshold``) cannot be overridden this way (Python
            raises TypeError on a duplicate keyword), but any other option
            the installed Semgrep accepts can be, so build these from
            trusted values only.

    Returns:
        The decoded JSON produced by the output handler, or ``None`` on
        Windows, where no scan is attempted.
    """
    # No scan is attempted on Windows; callers must handle a None result.
    if platform.system() == 'Windows':
        return None

    # Imported lazily so the module can still be loaded where Semgrep is absent.
    from semgrep import semgrep_main
    from semgrep.state import get_state
    from semgrep.constants import OutputFormat
    from semgrep.output import OutputHandler, OutputSettings

    # cpu_count() may raise NotImplementedError where the count cannot be
    # determined; fall back to a single job.
    try:
        workers = multiprocessing.cpu_count()
    except NotImplementedError:
        workers = 1

    # Semgrep output formatting: quiet terminal, no colour.
    get_state().terminal.configure(
        verbose=False,
        debug=False,
        quiet=True,
        force_color=False,
    )
    # Stop Semgrep's log records from reaching handlers on ancestor loggers.
    logging.getLogger('semgrep').propagate = False

    settings = OutputSettings(
        output_format=OutputFormat.JSON,
        output_destination=None,
        output_per_finding_max_lines_limit=None,
        output_per_line_max_chars_limit=None,
        error_on_findings=False,
        verbose_errors=False,
        strict=False,
        timeout_threshold=3,
    )
    handler = OutputHandler(settings)

    scan_result = semgrep_main.main(
        output_handler=handler,
        target=[pt.as_posix() for pt in paths],
        jobs=workers,
        pattern=None,
        lang=None,
        configs=[scan_rules],
        timeout=5,
        timeout_threshold=3,
        **kwargs,
    )
    # The unpack expects exactly eight return values and only the first is
    # used. A Semgrep release that returns a different number fails here with
    # ValueError, so pin the Semgrep version this was written against.
    matches_by_rule, _, _, _, _, _, _, _ = scan_result

    # Flatten {rule: [matches]} into the single list the handler serialises.
    all_matches = []
    for per_rule in matches_by_rule.values():
        all_matches.extend(per_rule)
    handler.rule_matches = all_matches

    # _build_output() is a private OutputHandler method (leading underscore),
    # so it may change without notice between Semgrep releases.
    return json.loads(handler._build_output())
def call_semgrep(paths, scan_rules):
    """Run Semgrep on ``paths`` with ``scan_rules`` and return its result.

    Every option is fixed here; callers choose only the targets and the
    rule configuration.

    Args:
        paths: Passed to ``semgrep_main.main`` as ``target``.
        scan_rules: Passed to ``semgrep_main.main`` as ``config``.

    Returns:
        Whatever ``semgrep_main.main`` returns for these options.
    """
    run = semgrep_main.main
    options = {
        'target': paths,
        'pattern': None,
        'lang': None,
        'config': scan_rules,
        'debugging_json': False,
        'no_rewrite_rule_ids': False,
        'jobs': CPU_COUNT,
        # No include/exclude filters: everything under the targets is in scope.
        'include': [],
        'include_dir': [],
        'exclude': [],
        'exclude_dir': [],
        # JSON output, not SARIF, with no output destination set.
        'json_format': True,
        'sarif': False,
        'output_destination': None,
        'quiet': True,
        'strict': False,
        'exit_on_error': False,
        # The scan must never modify the code it inspects.
        'autofix': False,
        # Keep this False: as the option name says, enabling it lets rule
        # files execute arbitrary code, which matters whenever scan_rules
        # can come from a source that is not fully trusted.
        'dangerously_allow_arbitrary_code_execution_from_rules': False,
    }
    return run(**options)