def invoke_semgrep(config: Path, targets: List[Path], **kwargs: Any) -> Any:
"""
Call semgrep with config on targets and return result as a json object
Uses default arguments of MAIN unless overwritten with a kwarg
"""
io_capture = StringIO()
output_handler = OutputHandler(
OutputSettings(
output_format=OutputFormat.JSON,
output_destination=None,
error_on_findings=False,
verbose_errors=False,
strict=False,
json_stats=False,
output_per_finding_max_lines_limit=None,
),
stdout=io_capture,
)
main(
output_handler=output_handler,
target=[str(t) for t in targets],
pattern="",
lang="",
configs=[str(config)],
**kwargs,
)
output_handler.close()
return json.loads(io_capture.getvalue())
def invoke_semgrep(
config: Path,
targets: List[Path],
output_settings: Optional[OutputSettings] = None,
**kwargs: Any,
) -> Union[Dict[str, Any], str]:
"""
Return Semgrep results of 'config' on 'targets' as a dict|str
Uses default arguments of 'semgrep_main.main' unless overwritten with 'kwargs'
"""
if output_settings is None:
output_settings = OutputSettings(output_format=OutputFormat.JSON)
io_capture = StringIO()
output_handler = OutputHandler(output_settings, stdout=io_capture)
main(
output_handler=output_handler,
target=[str(t) for t in targets],
pattern="",
lang="",
configs=[str(config)],
**kwargs,
)
output_handler.close()
result: Union[Dict[str, Any], str] = (json.loads(
io_capture.getvalue()) if output_settings.output_format.is_json() else
io_capture.getvalue())
return result
def invoke_semgrep(paths, scan_rules, **kwargs):
"""Call Semgrep."""
if platform.system() == 'Windows':
return None
from semgrep import semgrep_main, util
from semgrep.constants import OutputFormat
from semgrep.output import OutputHandler, OutputSettings
try:
cpu_count = multiprocessing.cpu_count()
except NotImplementedError:
cpu_count = 1 # CPU count is not implemented on Windows
util.set_flags(False, True, False) # Verbose, Quiet, Force_color
io_capture = StringIO()
output_handler = OutputHandler(
OutputSettings(
output_format=OutputFormat.JSON,
output_destination=None,
error_on_findings=False,
strict=False,
),
stdout=io_capture,
)
semgrep_main.main(
output_handler=output_handler,
target=[pt.as_posix() for pt in paths],
jobs=cpu_count,
pattern=None,
lang=None,
config=scan_rules,
**kwargs,
)
output_handler.close()
return json.loads(io_capture.getvalue())
class SGrep():
def __init__(self, ruleset):
self.ruleset = ruleset
util.set_flags(False, True, False)
try:
self.setting = OutputSettings(
output_format=OutputFormat.JSON,
output_destination=None,
error_on_findings=False,
verbose_errors=False,
strict=False,
timeout_threshold=3,
json_stats=False,
# json_time = False,
output_per_finding_max_lines_limit=None,
)
except:
self.setting = OutputSettings(
output_format=OutputFormat.JSON,
output_destination=None,
error_on_findings=False,
verbose_errors=False,
strict=False,
timeout_threshold=3,
json_stats=False,
json_time=False,
output_per_finding_max_lines_limit=None,
)
def Scan(self, filepath):
self.io_capture = StringIO()
self.output = OutputHandler(self.setting, stdout=self.io_capture)
semgrep_main.main(
output_handler=self.output,
target=[filepath],
jobs=1,
pattern=None,
lang=None,
configs=[self.ruleset],
timeout=5,
timeout_threshold=3,
)
self.output.close()
return self.format(filepath)
def format(self, filepath):
result = json.loads(self.io_capture.getvalue())
issues = []
for find in result['results']:
i = Issue(Info(find['extra']['message'], ""),
find['start']['line'],
find['start']['col'],
find['extra']['lines'],
lineEnd=find['end']['line'],
filename=filepath,
owasp=find['extra']['metadata']['owasp'],
cwe=find['extra']['metadata']['cwe'],
severity=find['extra']['severity'])
issues.append(i)
return issues