Repository Analysis

semgrep/semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Score: 4.7 (Likely human-written)
Adjusted Score: 4.7
Raw Score: 4.7
Time Factor: 100%
Last Push: 2026-05-29
Stars: 15,330
Language: OCaml
Lines of Code: 513,566
Files: 4938
Pattern Hits: 1828
Scan Date: 2026-05-31

Score History

Severity Breakdown

CRITICAL: 28 · HIGH: 28 · MEDIUM: 154 · LOW: 1618

Pattern Findings

1828 matches across 20 categories.

Hyper-Verbose Identifiers (681 hits · 675 pts)

Severity | File | Line | Snippet
LOW | tests/patterns/python/cp_exception.py | 1 | def throw_must_not_go_through_else():
LOW | tests/patterns/python/cp_exception.py | 15 | def no_throw_goes_through_else():
LOW | tests/patterns/python/cp_exception.py | 27 | def may_throw_goes_through_catch_and_else():
LOW | tests/patterns/python/cp_exception.py | 41 | def exception_or_not_goes_through_finally():
LOW | tests/patterns/python/cp_exception.py | 55 | def non_nested_try_statements_are_independent():
LOW | tests/rules/taint_exception.py | 93 | def throw_must_not_go_through_else(input):
LOW | tests/rules/taint_exception.py | 110 | def no_throw_goes_through_else(input):
LOW | tests/rules/taint_exception.py | 126 | def may_throw_goes_through_catch_and_else(input):
LOW | tests/rules/taint_exception.py | 143 | def exception_or_not_goes_through_finally(input):
LOW | tests/rules/taint_exception.py | 161 | def throw_may_go_through_catch_and_propagates(input):
LOW | tests/perf/timeout.js | 1075 | function isStartEmulateButtonPresent() {
LOW | tests/perf/timeout.js | 1136 | function checkCartIdFieldAndToggleBind(cartIdField) {
LOW | tests/perf/timeout.js | 1238 | function revertAutocompleteNormalize() {
LOW | tests/perf/timeout.js | 1262 | function addCustomerListBtnHandler() {
LOW | tests/perf/timeout.js | 1343 | function asmAifSectionClickHandler() {
LOW | tests/perf/timeout.js | 1385 | function getCurrentEmulatedCustomerId() {
LOW | tests/perf/timeout.js | 1483 | function populateCustomerListModal(targetUrl, componentToUpdate, callFunction) {
LOW | tests/perf/timeout.js | 1520 | function addRatesTableSorterParser() {
LOW | tests/perf/timeout.js | 1793 | function getNodeFromRowAndCellIndex(rows, rowIndex, cellIndex) {
LOW | tests/perf/timeout.js | 1926 | function computeTableHeaderCellIndexes(t) {
LOW | tests/perf/timeout.js | 1995 | function checkHeaderOptionsSortingLocked(table, i) {
LOW | tests/perf/three.js | 21805 | function materialNeedsSmoothNormals ( material ) {
LOW | tests/perf/three.js | 21833 | function bufferGuessVertexColorType( material ) {
LOW | tests/perf/three.js | 24365 | function unrollImmediateBufferMaterial ( globject ) {
LOW | cli/tests/conftest.py | 103 | def pytest_collection_modifyitems(
LOW | cli/tests/conftest.py | 638 | def _mk_osemgrep_project_root():
LOW | cli/tests/conftest.py | 685 | def run_semgrep_on_copied_files(
LOW | cli/tests/conftest.py | 704 | def run_semgrep_in_test_folder(
LOW | cli/tests/conftest.py | 757 | def lockfile_path_in_tmp_for_perf(monkeypatch: pytest.MonkeyPatch, tmp_path: Path):
LOW | cli/tests/default/unit/test_version.py | 19 | def test_version_check_caching(tmp_path, mocker, monkeypatch):
LOW | …i/tests/default/unit/test_resolve_dependency_source.py | 26 | def test_handle_missing_parser_for_lockfile(mock_parsers_dict) -> None:
LOW | …i/tests/default/unit/test_resolve_dependency_source.py | 60 | def test_dependency_parser_exception(mock_parsers_dict) -> None:
LOW | cli/tests/default/unit/test_run_scan.py | 45 | def test_raises_invalid_rule_schema_under_none():
LOW | cli/tests/default/unit/test_run_scan.py | 56 | def test_no_raise_under_full_even_with_rule_parse_error():
LOW | cli/tests/default/unit/test_run_scan.py | 63 | def test_no_raise_under_none_when_no_rule_parse_errors():
LOW | cli/tests/default/unit/test_config_resolver.py | 52 | def mocked_rpc_validation_error(mocker):
LOW | cli/tests/default/unit/test_config_resolver.py | 106 | def test__fetch_semgrep_cloud_platform_scan_config(
LOW | cli/tests/default/unit/test_config_resolver.py | 140 | def test__fetch_semgrep_cloud_platform_scan_config__fallback(
LOW | cli/tests/default/unit/test_config_resolver.py | 213 | def test__download_semgrep_cloud_platform_scan_config_success(
LOW | cli/tests/default/unit/test_config_resolver.py | 234 | def test__download_semgrep_cloud_platform_scan_config_unauthorized(
LOW | cli/tests/default/unit/test_config_resolver.py | 254 | def test__project_metadata_for_standalone_scan(
LOW | cli/tests/default/unit/test_config_resolver.py | 266 | def test__project_metadata_for_standalone_scan__no_repo_throws(
LOW | cli/tests/default/unit/test_config_resolver.py | 275 | def test__project_metadata_for_standalone_scan__no_repo_success(
LOW | cli/tests/default/unit/test_config_resolver.py | 318 | def test_parse_config_string_jsonschema_fallback(mocked_rpc_validation_error):
LOW | cli/tests/default/unit/test_config_resolver.py | 343 | def test_parse_config_string_as_rules_no_surrogate_pairs_in_rules_file(mocker):
LOW | cli/tests/default/unit/test_config_resolver.py | 383 | def test_parse_config_string_skips_validation_when_none(mocker):
LOW | cli/tests/default/unit/test_config_resolver.py | 421 | def test_parse_config_string_core_only_skips_jsonschema_under_force(mocker):
LOW | cli/tests/default/unit/test_config_resolver.py | 460 | def test_parse_config_string_validates_core_rules_by_default(mocker):
LOW | cli/tests/default/unit/test_config_resolver.py | 489 | def test_yaml_schema_error_points_to_correct_rule(mocked_rpc_validation_error):
LOW | cli/tests/default/unit/test_config_resolver.py | 514 | def test_yaml_schema_error_picks_correct_rule_among_many(mocked_rpc_validation_error):
LOW | cli/tests/default/unit/test_config_resolver.py | 542 | def test_json_schema_error_shows_filename(mocked_rpc_validation_error):
LOW | cli/tests/default/unit/test_config_resolver.py | 559 | def test_yaml_schema_error_message_content(mocked_rpc_validation_error):
LOW | cli/tests/default/unit/test_yaml_parsing.py | 105 | def test_default_yaml_type_safe():
LOW | cli/tests/default/unit/test_yaml_parsing.py | 123 | def test_invalid_metavariable_regex():
LOW | cli/tests/default/unit/test_yaml_parsing.py | 146 | def test_invalid_metavariable_comparison():
LOW | cli/tests/default/unit/test_yaml_parsing.py | 192 | def test_invalid_pattern_child():
LOW | cli/tests/default/unit/test_yaml_parsing.py | 216 | def test_invalid_rule_with_null():
LOW | cli/tests/default/unit/test_join_rule.py | 60 | def test_condition_parse_dot_behavior():
LOW | cli/tests/default/unit/test_join_rule.py | 89 | def test_invalid_condition_string(condition_string):
LOW | cli/tests/default/unit/test_join_rule.py | 106 | def test_create_collection_set_from_conditions():
621 more matches not shown…
Over-Commented Block (506 hits · 500 pts)

Severity | File | Line | Snippet
LOW | .pre-commit-config.yaml | 1 | # coupling: if you add a check in this file, please add it first in
LOW | .pre-commit-config.yaml | 161 | hooks:
LOW | .pre-commit-config.yaml | 241 | # TODO: remove once file targeting is revamped and supports
LOW | .pre-commit-config.yaml | 261 | # batches and run one semgrep per batch. This is why it's
LOW | .pre-commit-hooks.yaml | 1 | # See https://pre-commit.com/#new-hooks for more information on this file.
LOW | semgrep.yml | 1 | # This file contains Semgrep rules. See https://semgrep.dev for more info.
LOW | mypy-tests.ini | 1 | # TODO: explain why we have a different mypy setup for test code.
LOW | setup.py | 1 | #
LOW | tests/patterns/go/partial_single_field2.go | 1 | package main
LOW | tests/patterns/go/misc_ref_new.go | 21 | //body, err := io.ReadAll(res.Body)
LOW | tests/patterns/python/python2.py | 1 | #ERROR: match
LOW | tests/patterns/python/import_metavar_fullpath.py | 1 | # what actually matters in this test is the value bound to $X
LOW | tests/patterns/python/cp_label.py | 1 | # This is not actually valid Python. Python does not allow comments after line
LOW | tests/patterns/python/misc_fake_propa.py | 1 | # This used to generate a FakeTokStr exn when we introduced the
LOW | tests/patterns/js/infer_const_regexp.js | 1 | // Constant propagation should work with regexp literals just like string
LOW | tests/patterns/rust/attribute_matching.rs | 41 | // MATCH:
LOW | tests/patterns/rust/misc_naming_recursion.rs | 1 | // this was causing -dump_named_ast to recurse indefinitely
LOW | tests/patterns/java/metavar_typed_bool.java | 41 |
LOW | tests/patterns/json/metavar_array.json | 1 | // Note that this file is not really a valid JSON file because
LOW | …erns/cpp/parsing_todo_tree_sitter/non_recoverable1.cpp | 21 | #include "tensorflow/core/framework/tensor_util.h"
LOW | …erns/cpp/parsing_todo_tree_sitter/non_recoverable1.cpp | 261 | unit_dimension++;
LOW | …erns/cpp/parsing_todo_tree_sitter/non_recoverable1.cpp | 281 | //
LOW | tests/patterns/csharp/todo/misc_linq.cs | 1 | // this used to not match because of bad interaction with -fast
LOW | tests/patterns/ruby/metavar_interpolated.rb | 1 | # https://github.com/returntocorp/semgrep/issues/3560
LOW | tests/autofix/python/metavar_string2.py | 1 | # Forked from metavar_string.py to comment out the f string below but test
LOW | tests/autofix/ts/fix_cast.ts | 1 | // Regression test for https://github.com/returntocorp/semgrep/issues/6233. The
LOW | tests/rules_error_recovery/lines_of_file_outofbound.tf | 1 | # On this target file, we get some parse errors on the "bar" field
LOW | tests/rules/typed_metavar_metavar_regex.go | 1 | func f(c *http.Request) {
LOW | tests/rules/kotlin_slow_import.kt | 21 | // "acceptCharset: ${req.acceptCharset()} \n" +
LOW | tests/rules/kotlin_slow_import.kt | 41 | // "local.uri: ${local.uri} \n" +
LOW | tests/rules/pattern_regex_inside.py | 1 | # from https://github.com/returntocorp/semgrep/issues/912
LOW | tests/rules/macro_arg_taint.rs | 1 | // if this does not properly translate the macro args,
LOW | tests/rules/sym_prop_no_merge1.go | 1 | func test() {
LOW | tests/rules/taint_labels_rec.rs | 1 | async fn test(client: Client, id: String) -> Option<Json<Post>> {
LOW | tests/rules/relevant_rule_badutf8.js | 1 | // Char below somehow causes PCRE engine to throw a BadUTF8 error.
LOW | tests/rules/date_comparison.py | 1 | #ok: date_rule
LOW | tests/parsing/js/cp_assign_record_assign.js | 1 | // This used to raise `Impossible` during constant propagation because
LOW | tests/parsing/dart/dart3_grammar_features.dart | 1 | // Smoke test for grammar features added by the tree-sitter-dart bump:
LOW | tests/parsing/java/textblocks.java | 1 | //@Controller
LOW | tests/parsing/java/textblocks.java | 21 |
LOW | tests/parsing/swift/expressions.swift | 41 | // correctly parsed, even though that issue has been mitigated.
LOW | tests/parsing/swift/expressions.swift | 241 | ({ x in x });
LOW | tests/perf/three.js | 30161 | points.push( points[ 0 ] );
LOW | tests/perf/three.js | 30501 | //
LOW | tests/perf/three.js | 31321 | // var c = [];
LOW | cli/pyproject.toml | 41 |
LOW | cli/setup.py | 1 | #
LOW | cli/tests/conftest.py | 1 | #
LOW | cli/tests/conftest.py | 21 | #
LOW | cli/tests/conftest.py | 601 | # Fixtures
LOW | cli/tests/semgrep_runner.py | 1 | #
LOW | cli/tests/semgrep_runner.py | 61 | / "semgrep"
LOW | cli/tests/fixtures.py | 1 | #
LOW | cli/tests/default/unit/test_version.py | 1 | #
LOW | …i/tests/default/unit/test_resolve_dependency_source.py | 1 | #
LOW | cli/tests/default/unit/test_engine_type.py | 1 | #
LOW | cli/tests/default/unit/test_engine_type.py | 41 | #
LOW | cli/tests/default/unit/test_run_scan.py | 1 | #
LOW | cli/tests/default/unit/test_config_resolver.py | 1 | #
LOW | cli/tests/default/unit/test_yaml_parsing.py | 1 | #
446 more matches not shown…
Hallucination Indicators (28 hits · 280 pts)

Severity | File | Line | Snippet
CRITICAL | tests/precommit_dogfooding/python.yml | 6561 | - pattern: cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key(...,
CRITICAL | tests/precommit_dogfooding/python.yml | 6563 | - pattern: cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key($SIZE,
CRITICAL | tests/precommit_dogfooding/python.yml | 7675 | - pattern-inside: cryptography.hazmat.primitives.asymmetric.ec.generate_private_key(...)
CRITICAL | tests/precommit_dogfooding/python.yml | 8333 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.ARC4(...)
CRITICAL | tests/precommit_dogfooding/python.yml | 8539 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.Blowfish(...)
CRITICAL | tests/precommit_dogfooding/python.yml | 8807 | - pattern: cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key(...,
CRITICAL | tests/precommit_dogfooding/python.yml | 8809 | - pattern: cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key($EXP,
CRITICAL | tests/precommit_dogfooding/python.yml | 8903 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.IDEA(...)
CRITICAL | tests/precommit_dogfooding/python.yml | 9143 | pattern: cryptography.hazmat.primitives.ciphers.modes.ECB(...)
CRITICAL | tests/rules/not_found_exn2.yaml | 7 | cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key(..., key_size=$VALUE, ...)
CRITICAL | tests/rules/tainted-file-path.yaml | 10 | org.apache.commons.io.FilenameUtils.getName(...) to only retrieve the file
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 1055 | method such as org.apache.commons.io.FilenameUtils.getName(...) to only
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 2020 | - pattern: java.nio.file.Files.setPosixFilePermissions($FILE, java.nio.file.attribute.PosixFilePermissions.fromStr
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 2022 | $TYPE $P = java.nio.file.attribute.PosixFilePermissions.fromString("=~/(^......r..$)|(^.......w.$)|(^........x
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 2418 | method such as org.apache.commons.io.FilenameUtils.getName(...) to only
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 3800 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.Blowfish(...)
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 3815 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.IDEA(...)
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 3830 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.ARC4(...)
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 3846 | pattern: cryptography.hazmat.primitives.ciphers.modes.ECB(...)
CRITICAL | perf/r2c-rules/r2c-security-audit.yml | 3899 | - pattern-inside: cryptography.hazmat.primitives.asymmetric.ec.generate_private_key(...)
CRITICAL | perf/r2c-rules/r2c-ci.yml | 556 | method such as org.apache.commons.io.FilenameUtils.getName(...) to only
CRITICAL | perf/r2c-rules/r2c-ci.yml | 891 | method such as org.apache.commons.io.FilenameUtils.getName(...) to only
CRITICAL | perf/r2c-rules/r2c-ci.yml | 1784 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.Blowfish(...)
CRITICAL | perf/r2c-rules/r2c-ci.yml | 1799 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.IDEA(...)
CRITICAL | perf/r2c-rules/r2c-ci.yml | 1814 | pattern: cryptography.hazmat.primitives.ciphers.algorithms.ARC4(...)
CRITICAL | perf/r2c-rules/r2c-ci.yml | 1830 | pattern: cryptography.hazmat.primitives.ciphers.modes.ECB(...)
CRITICAL | perf/r2c-rules/r2c-ci.yml | 1883 | - pattern-inside: cryptography.hazmat.primitives.asymmetric.ec.generate_private_key(...)
CRITICAL | perf/r2c-rules/java.yml | 16 | method such as org.apache.commons.io.FilenameUtils.getName(...) to only
Decorative Section Separators (90 hits · 272 pts)

Severity | File | Line | Snippet
MEDIUM | .pre-commit-config.yaml | 19 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 21 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 60 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 62 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 163 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 165 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 182 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 184 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 201 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 203 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 225 | # ----------------------------------------------------------
MEDIUM | .pre-commit-config.yaml | 227 | # ----------------------------------------------------------
MEDIUM | cli/tests/default/unit/test_scans_v2.py | 174 | # ---------------------------------------------------------------------------
MEDIUM | cli/tests/default/unit/test_scans_v2.py | 176 | # ---------------------------------------------------------------------------
MEDIUM | cli/tests/default/unit/test_scans_v2.py | 246 | # ---------------------------------------------------------------------------
MEDIUM | cli/tests/default/unit/test_scans_v2.py | 248 | # ---------------------------------------------------------------------------
MEDIUM | cli/tests/default/mcp/test_supply_chain_hook.py | 21 | # ---------------------------------------------------------------------------------
MEDIUM | cli/tests/default/mcp/test_supply_chain_hook.py | 23 | # ---------------------------------------------------------------------------------
MEDIUM | cli/tests/default/mcp/test_supply_chain_hook.py | 159 | # ---------------------------------------------------------------------------------
MEDIUM | cli/tests/default/mcp/test_supply_chain_hook.py | 161 | # ---------------------------------------------------------------------------------
MEDIUM | cli/tests/default/mcp/test_supply_chain_hook.py | 213 | # ---------------------------------------------------------------------------------
MEDIUM | cli/tests/default/mcp/test_supply_chain_hook.py | 215 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/git.py | 437 | # ==============================
MEDIUM | cli/src/semgrep/git.py | 439 | # ==============================
MEDIUM | cli/src/semgrep/git.py | 462 | # ==================================
MEDIUM | cli/src/semgrep/git.py | 464 | # ==================================
MEDIUM | cli/src/semgrep/run_scan.py | 1048 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1050 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1084 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1086 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1109 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1111 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1132 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1134 | # ---------------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1327 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1329 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1390 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1392 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1429 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1431 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1516 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1518 | # ----------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1586 | # ---------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1588 | # ---------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1624 | # ---------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1626 | # ---------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1650 | # ---------------------------------
MEDIUM | cli/src/semgrep/run_scan.py | 1652 | # ---------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 69 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 71 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 160 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 162 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 489 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 491 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 509 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 511 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 1309 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 1311 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 1350 | # ---------------------------------------------------------------------------------
MEDIUM | cli/src/semgrep/mcp/server.py | 1352 | # ---------------------------------------------------------------------------------
30 more matches not shown…
Unused Imports (188 hits · 148 pts)

Severity | File | Line | Snippet
LOW | tests/patterns/python/wildcard_qualified.py | 1 |
LOW | tests/patterns/python/already_resolved_with_wildcard.py | 2 |
LOW | tests/patterns/python/misc_import.py | 2 |
LOW | tests/patterns/python/misc_import.py | 4 |
LOW | tests/patterns/python/scoped_wildcard.py | 11 |
LOW | tests/patterns/python/import_negatives.py | 2 |
LOW | tests/patterns/python/import_negatives.py | 4 |
LOW | tests/patterns/python/import_negatives.py | 6 |
LOW | tests/patterns/python/import_negatives2.py | 2 |
LOW | tests/patterns/python/import_negatives2.py | 4 |
LOW | tests/patterns/python/import_negatives2.py | 6 |
LOW | tests/patterns/python/import_metavar_fullpath.py | 6 |
LOW | tests/patterns/python/import_metavar_fullpath.py | 8 |
LOW | tests/patterns/python/import_metavar_fullpath.py | 10 |
LOW | tests/patterns/python/import_metavar_fullpath.py | 12 |
LOW | tests/patterns/python/import_metavar_fullpath.py | 14 |
LOW | tests/patterns/python/import_metavar_fullpath.py | 16 |
LOW | tests/patterns/python/misc_regression1.py | 1 |
LOW | tests/patterns/python/imports.py | 3 |
LOW | tests/patterns/python/imports.py | 6 |
LOW | tests/patterns/python/imports.py | 8 |
LOW | tests/patterns/python/imports.py | 11 |
LOW | tests/patterns/python/imports.py | 12 |
LOW | tests/patterns/python/imports.py | 12 |
LOW | tests/patterns/python/imports.py | 14 |
LOW | tests/patterns/python/imports.py | 14 |
LOW | tests/patterns/python/imports.py | 16 |
LOW | tests/patterns/python/imports.py | 16 |
LOW | tests/patterns/python/imports.py | 20 |
LOW | tests/patterns/python/imports.py | 21 |
LOW | tests/patterns/python/imports.py | 22 |
LOW | tests/patterns/python/imports.py | 23 |
LOW | tests/patterns/python/imports.py | 25 |
LOW | tests/patterns/python/imports.py | 26 |
LOW | tests/patterns/python/imports.py | 27 |
LOW | tests/patterns/python/imports.py | 28 |
LOW | tests/patterns/python/imports.py | 29 |
LOW | tests/patterns/python/imports.py | 30 |
LOW | tests/patterns/python/imports.py | 31 |
LOW | tests/patterns/python/imports.py | 32 |
LOW | tests/patterns/python/imports.py | 33 |
LOW | tests/patterns/python/imports.py | 36 |
LOW | tests/patterns/python/imports.py | 36 |
LOW | tests/patterns/python/imports.py | 39 |
LOW | tests/patterns/python/imports.py | 39 |
LOW | tests/patterns/python/imports.py | 42 |
LOW | tests/patterns/python/imports.py | 45 |
LOW | tests/patterns/python/imports.py | 46 |
LOW | tests/patterns/python/imports.py | 47 |
LOW | tests/patterns/python/imports.py | 48 |
LOW | tests/patterns/python/imports.py | 50 |
LOW | tests/patterns/python/imports.py | 51 |
LOW | tests/patterns/python/imports.py | 52 |
LOW | tests/patterns/python/imports.py | 53 |
LOW | tests/patterns/python/imports.py | 54 |
LOW | tests/patterns/python/imports.py | 55 |
LOW | tests/patterns/python/imports.py | 56 |
LOW | tests/patterns/python/imports.py | 57 |
LOW | tests/patterns/python/imports.py | 62 |
LOW | tests/patterns/python/imports.py | 62 |
128 more matches not shown…
Excessive Try-Catch Wrapping (119 hits · 116 pts)

Severity | File | Line | Snippet
LOW | CHANGELOG.md | 2680 | except Exception:
LOW | CHANGELOG.md | 10214 | except Exception:
LOW | tests/patterns/python/deep_try.py | 5 | except Exception:
LOW | tests/patterns/python/cp_exception.py | 5 | except Exception as e:
LOW | tests/patterns/python/cp_exception.py | 19 | except Exception as e:
LOW | tests/patterns/python/cp_exception.py | 31 | except Exception as e:
LOW | tests/patterns/python/cp_exception.py | 45 | except Exception as e:
LOW | tests/patterns/python/cp_exception.py | 62 | except Exception as e:
LOW | tests/patterns/python/cp_exception.py | 75 | except Exception as e:
LOW | tests/patterns/python/misc_exn.py | 5 | except Exception:
LOW | tests/rules/taint_exception.py | 14 | except Exception as e:
LOW | tests/rules/taint_exception.py | 25 | except Exception as e:
LOW | tests/rules/taint_exception.py | 59 | except Exception as e:
LOW | tests/rules/taint_exception.py | 70 | except Exception as e:
LOW | tests/rules/taint_exception.py | 98 | except Exception as e:
LOW | tests/rules/taint_exception.py | 115 | except Exception as e:
LOW | tests/rules/taint_exception.py | 131 | except Exception as e:
LOW | tests/rules/taint_exception.py | 148 | except Exception as e:
LOW | tests/rules/taint_exception.py | 171 | except Exception as e:
LOW | tests/rules/taint_exception.py | 185 | except Exception as e:
LOW | tests/rules/taint_clean_in_try_no_finally.py | 5 | except Exception:
LOW | tests/parsing/python/as_pattern.py | 3 | except Exception as e:
LOW | cli/setup.py | 49 | except Exception:
MEDIUM | cli/setup.py | 38 | def linux_detect_libc():
LOW | cli/tests/default/unit/test_error_handler.py | 185 | except Exception:
LOW | cli/tests/default/unit/test_error_handler.py | 223 | except Exception:
LOW | cli/tests/default/unit/test_error_handler.py | 254 | except Exception:
LOW | cli/src/semdep/package_restrictions.py | 59 | except Exception as e:
LOW | cli/src/semdep/parsers/util.py | 92 | except Exception as e:
LOW | cli/src/semdep/parsers/util.py | 382 | except Exception as e:
LOW | cli/src/semdep/parsers/poetry.py | 281 | except Exception as e:
MEDIUM | cli/src/semgrep/metrics.py | 670 | def gather_click_params(self) -> None:
LOW | cli/src/semgrep/metrics.py | 232 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 241 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 247 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 421 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 429 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 437 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 443 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 449 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 455 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 461 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 468 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 608 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 617 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 626 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 635 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 258 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 284 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 296 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 337 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 346 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 381 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 490 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 510 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 529 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 553 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 592 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 683 | except Exception as e:
LOW | cli/src/semgrep/metrics.py | 734 | except Exception as e:
59 more matches not shown…
Self-Referential Comments (38 hits · 109 pts)

Severity | File | Line | Snippet
MEDIUM | semgrep.yml | 1 | # This file contains Semgrep rules. See https://semgrep.dev for more info.
MEDIUM | semgrep.yml | 8 | # This file is also used in CI, see .circleci/config.yml
MEDIUM | cli/tests/default/unit/test_saved_scan_config.py | 53 | # Create a handler that will dump the config when handling a scan response
MEDIUM | cli/tests/default/unit/test_saved_scan_config.py | 62 | # Create a second handler that loads the saved config via start_scan
MEDIUM | cli/tests/default/unit/test_symbol_analysis.py | 169 | # Create a Java file and gradle lockfile
MEDIUM | cli/tests/default/unit/test_symbol_analysis.py | 553 | # Create a subproject directory but scan a different directory
MEDIUM | cli/tests/default/e2e-other/parsers/test_yarn.py | 297 | """# This file is generated by running "yarn install" inside your project.
MEDIUM | cli/tests/default/e2e-other/parsers/test_yarn.py | 405 | """# This file is generated by running "yarn install" inside your project.
MEDIUM | cli/tests/default/e2e/test_ignores.py | 29 | # This file is included by the .semgrepignore above.
MEDIUM | cli/tests/default/e2e/test_diff_scan_preserves_repo.py | 51 | # Create the rule file (untracked)
MEDIUM | …fault/e2e/targets/parse_metrics/partial-parse-error.rb | 193 | # This method is called to process HTTP requests
MEDIUM | cli/tests/default/e2e/targets/parse_metrics/ok.rb | 33 | # Create an instance of the Sensu client process, start the
MEDIUM | cli/tests/default/e2e/targets/parse_metrics/ok.rb | 57 | # Create a Sensu client keepalive payload, to be sent over the
MEDIUM | cli/tests/default/e2e/targets/parse_metrics/ok.rb | 125 | # Create an in progress key for a check, used to determine if an
MEDIUM | cli/tests/default/e2e/targets/parse_metrics/ok.rb | 377 | # Create a check execution proc, used to execute standalone
MEDIUM | cli/tests/default/e2e/targets/parse_metrics/ok.rb | 560 | # Create a check result intended for deregistering a client.
MEDIUM | …default/e2e/targets/dependency_aware/dart/pubspec.yaml | 66 | # The following section is specific to Flutter packages.
MEDIUM | cli/src/semdep/parsers/composer.py | 17 | # Import necessary modules and classes
MEDIUM | cli/src/semdep/parsers/util.py | 76 | """This class is a callable wrapper around a lockfile and manifest parser
MEDIUM | cli/src/semdep/parsers/yarn.py | 302 | # This file is generated by running "yarn install" inside your project.
MEDIUM | cli/src/semdep/matchers/pip_requirements.py | 178 | # Create a subproject from each group of requirements files and the corresponding manifest
MEDIUM | cli/src/semdep/external/packaging/tags.py | 2 | # This file is dual licensed under the terms of the Apache License, Version
MEDIUM | cli/src/semdep/external/packaging/version.py | 2 | # This file is dual licensed under the terms of the Apache License, Version
MEDIUM | cli/src/semdep/external/packaging/__init__.py | 1 | # This file is dual licensed under the terms of the Apache License, Version
MEDIUM | cli/src/semdep/external/packaging/utils.py | 2 | # This file is dual licensed under the terms of the Apache License, Version
MEDIUM | cli/src/semdep/external/packaging/_structures.py | 2 | # This file is dual licensed under the terms of the Apache License, Version
MEDIUM | cli/src/semdep/external/packaging/__about__.py | 1 | # This file is dual licensed under the terms of the Apache License, Version
MEDIUM | cli/src/semdep/external/packaging/specifiers.py | 2 | # This file is dual licensed under the terms of the Apache License, Version
MEDIUM | cli/src/semgrep/profile_manager.py | 25 | # This method is an even more rudimentary tool for profiling
MEDIUM | cli/src/semgrep/test.py | 13 | # This file is DEPRECATED! Please modify instead osemgrep test in
MEDIUM | cli/src/semgrep/join_rule.py | 557 | # Create a model map. This allows dynamically creating DB tables based
MEDIUM | cli/src/semgrep/output_extra.py | 22 | # This class is easily extendable if we want to add more information to the CLI output
MEDIUM | cli/src/semgrep/output.py | 133 | # This class is the internal representation of OutputSettings below.
MEDIUM | cli/src/semgrep/mcp/server.py | 255 | # Create a temporary directory
MEDIUM | cli/src/semgrep/console_scripts/entrypoint.py | 2 | # This file is the Semgrep CLI entry point of the Semgrep pip package,
MEDIUM | cli/src/semgrep/console_scripts/pysemgrep.py | 16 | # This file is not part of the Python 'semgrep' package; it's a script.
MEDIUM | cli/src/semgrep/commands/mcp.py | 185 | # Create a fast MCP server
MEDIUM | cli/src/semgrep/external/git_url_parser.py | 1 | # This file is forked from https://github.com/coala/git-url-parse/blob/master/giturlparse/parser.py
Deep Nesting (96 hits · 90 pts)

Severity | File | Line | Snippet
LOW | cli/setup.py | 104 |
LOW | cli/tests/conftest.py | 313 |
LOW | cli/tests/conftest.py | 425 |
LOW | cli/tests/default/unit/test_semgrep_test.py | 50 |
LOW | cli/tests/default/e2e-other/test_ssc.py | 602 |
LOW | cli/src/semdep/golang_version.py | 226 |
LOW | cli/src/semdep/golang_version.py | 332 |
LOW | cli/src/semdep/package_restrictions.py | 30 |
LOW | cli/src/semdep/maven_version.py | 98 |
LOW | cli/src/semdep/maven_version.py | 138 |
LOW | cli/src/semdep/parsers/pnpm.py | 480 |
LOW | cli/src/semdep/parsers/composer.py | 61 |
LOW | cli/src/semdep/parsers/go_mod.py | 107 |
LOW | cli/src/semdep/parsers/pom_tree.py | 91 |
LOW | cli/src/semdep/parsers/pubspec_lock.py | 39 |
LOW | cli/src/semdep/matchers/gradle.py | 98 |
LOW | cli/src/semdep/external/packaging/tags.py | 314 |
LOW | cli/src/semdep/external/packaging/tags.py | 346 |
LOW | cli/src/semdep/external/packaging/version.py | 197 |
LOW | cli/src/semdep/external/packaging/version.py | 394 |
LOW | cli/src/semdep/external/packaging/_manylinux.py | 267 |
LOW | cli/src/semdep/external/packaging/specifiers.py | 752 |
LOW | cli/src/semgrep/dependency_aware_rule.py | 146 |
LOW | cli/src/semgrep/dependency_aware_rule.py | 323 |
LOW | cli/src/semgrep/scan_report.py | 246 |
LOW | cli/src/semgrep/scan_report.py | 259 |
LOW | cli/src/semgrep/metrics.py | 299 |
LOW | cli/src/semgrep/subproject.py | 138 |
LOW | cli/src/semgrep/subproject.py | 160 |
LOW | cli/src/semgrep/subproject.py | 176 |
LOW | cli/src/semgrep/subproject.py | 399 |
LOW | cli/src/semgrep/error_location.py | 157 |
LOW | cli/src/semgrep/error.py | 249 |
LOW | cli/src/semgrep/error.py | 563 |
LOW | cli/src/semgrep/error.py | 565 |
LOW | cli/src/semgrep/symbol_analysis.py | 87 |
LOW | cli/src/semgrep/symbol_analysis.py | 201 |
LOW | cli/src/semgrep/rule_match.py | 516 |
LOW | cli/src/semgrep/rule_match.py | 579 |
LOW | cli/src/semgrep/test.py | 161 |
LOW | cli/src/semgrep/core_runner.py | 282 |
LOW | cli/src/semgrep/core_runner.py | 880 |
LOW | cli/src/semgrep/core_runner.py | 966 |
LOW | cli/src/semgrep/run_scan.py | 270 |
LOW | cli/src/semgrep/run_scan.py | 404 |
LOW | cli/src/semgrep/run_scan.py | 481 |
LOW | cli/src/semgrep/run_scan.py | 697 |
LOW | cli/src/semgrep/run_scan.py | 950 |
LOW | cli/src/semgrep/run_scan.py | 1013 |
LOW | cli/src/semgrep/run_scan.py | 1235 |
LOW | cli/src/semgrep/target_manager.py | 96 |
LOW | cli/src/semgrep/target_manager.py | 239 |
LOW | cli/src/semgrep/target_manager.py | 302 |
LOW | cli/src/semgrep/target_manager.py | 1190 |
LOW | cli/src/semgrep/join_rule.py | 140 |
LOW | cli/src/semgrep/rpc.py | 186 |
LOW | cli/src/semgrep/engine.py | 45 |
LOW | cli/src/semgrep/engine.py | 130 |
LOW | cli/src/semgrep/rule.py | 277 |
LOW | cli/src/semgrep/rule.py | 295 |
36 more matches not shown…
Cross-File Repetition 16 hits · 80 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | cli/tests/default/unit/test_config_resolver.py | 0 | { "rules": [ { "id": "test-rule", "message": "test rule", "languages": ["python"], "severity": "warning", "pattern": "$x |
| HIGH | cli/tests/default/unit/test_config_resolver.py | 0 | { "rules": [ { "id": "test-rule", "message": "test rule", "languages": ["python"], "severity": "warning", "pattern": "$x |
| HIGH | cli/tests/default/unit/test_config_resolver.py | 0 | { "rules": [ { "id": "test-rule", "message": "test rule", "languages": ["python"], "severity": "warning", "pattern": "$x |
| HIGH | cli/tests/default/unit/test_error_handler.py | 0 | check that data is posted to fail-open url and zero exit code is returned |
| HIGH | cli/tests/default/unit/test_error_handler.py | 0 | check that data is posted to fail-open url and zero exit code is returned |
| HIGH | cli/tests/default/unit/test_error_handler.py | 0 | check that data is posted to fail-open url and zero exit code is returned |
| HIGH | cli/tests/default/e2e-other/test_ci.py | 0 | test that an invalid api key returns exit code 13, even when errors are supressed |
| HIGH | cli/tests/default/e2e-other/test_ci.py | 0 | test that an invalid api key returns exit code 13, even when errors are supressed |
| HIGH | cli/tests/default/e2e-other/test_ci.py | 0 | test that an invalid api key returns exit code 13, even when errors are supressed |
| HIGH | …lt/e2e/targets/autofix/django-none-password-default.py | 0 | creates and saves a poster with the given email and password. |
| HIGH | …o-none-password-default.py-text-not-dryrun/results.txt | 0 | creates and saves a poster with the given email and password. |
| HIGH | …jango-none-password-default.py-text-dryrun/results.txt | 0 | creates and saves a poster with the given email and password. |
| HIGH | …jango-none-password-default.py-text-dryrun/results.txt | 0 | creates and saves a poster with the given email and password. |
| HIGH | cli/src/semgrep/metrics.py | 0 | assumes configs is list of arguments passed to semgrep using --config |
| HIGH | cli/src/semgrep/metrics.py | 0 | assumes configs is list of arguments passed to semgrep using --config |
| HIGH | cli/src/semgrep/metrics.py | 0 | assumes configs is list of arguments passed to semgrep using --config |
AI Slop Vocabulary 29 hits · 65 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | .pre-commit-hooks.yaml | 14 | # for pre-commit. Essentially, setup.py runs 'pip install semgrep==0.xxx.yyy'. |
| MEDIUM | tests/perf/l10000.js | 3514 | // this is a more robust check for empty than ( volume <= 0 ) because volume can get positive with two negative axes |
| MEDIUM | tests/perf/l10000.js | 3838 | // this is a more robust check for empty than ( volume <= 0 ) because volume can get positive with two negative axes |
| MEDIUM | tests/perf/three.js | 3514 | // this is a more robust check for empty than ( volume <= 0 ) because volume can get positive with two negative axes |
| MEDIUM | tests/perf/three.js | 3838 | // this is a more robust check for empty than ( volume <= 0 ) because volume can get positive with two negative axes |
| MEDIUM | tests/perf/bloom/l10000.js | 3515 | // this is a more robust check for empty than ( volume <= 0 ) because volume can get positive with two negative axes |
| MEDIUM | tests/perf/bloom/l10000.js | 3839 | // this is a more robust check for empty than ( volume <= 0 ) because volume can get positive with two negative axes |
| MEDIUM | cli/tests/default/e2e/targets/parse_metrics/ok.rb | 143 | # tokens. Hook commands may expect/read and utilize JSON |
| MEDIUM | cli/tests/default/e2e/targets/parse_metrics/ok.rb | 251 | # method as a parameter, the extension may utilize it. This |
| MEDIUM | cli/tests/default/e2e/targets/bad/invalid_c_long.c | 1 | /*;--------------------------------------------------------------------------;;This program, "bzip2", the associated lib |
| LOW | cli/src/semdep/parsers/gradle.py | 105 | # support for manifest parsing. In that case just use the lockfile. |
| LOW | cli/src/semdep/external/packaging/specifiers.py | 500 | # version. If it's not we can short circuit and just return False now |
| LOW | cli/src/semdep/external/packaging/specifiers.py | 526 | # version. If it's not we can short circuit and just return False now |
| LOW | cli/src/semdep/external/packaging/specifiers.py | 707 | # then we'll just return None since we don't know if this should have |
| MEDIUM | cli/src/semgrep/dependency_aware_rule.py | 296 | # TODO: associate these in a more robust way. This currently |
| LOW | cli/src/semgrep/git.py | 370 | # If we already know that the base commit is the merge base, just return |
| LOW | cli/src/semgrep/error.py | 541 | # TODO: generalize in a SemgrepCliError and just pass the level, code and type_ |
| LOW | cli/src/semgrep/rpc.py | 135 | # date, let's just use a catch-all. In the end it doesn't really matter |
| LOW | cli/src/semgrep/rule.py | 339 | # /weird/), just return the empty string, and we'll hash based on rule id + |
| MEDIUM | cli/src/semgrep/resolve_dependency_source.py | 460 | # TODO: Reimplement this once more robust error handling for lockfileless resolution is implemented |
| LOW | cli/src/semgrep/mcp/semgrep.py | 235 | # if they exist on the local filesystem, we could just pass the paths |
| LOW | cli/src/semgrep/console_scripts/entrypoint.py | 18 | # semgrep-core, but it is simple from Python because you can simply use |
| MEDIUM | cli/src/semgrep/console_scripts/entrypoint.py | 22 | # Again, it is simpler to use a Python script and leverage importlib.resources. |
| MEDIUM | cli/src/semgrep/console_scripts/entrypoint.py | 172 | # test harness, etc.), set NO_COLOR so cmdliner reverts to plain output. |
| LOW | cli/src/semgrep/semgrep_interfaces/rule_schema_v1.yaml | 281 | # I would normally just use `allOf`, but since it doensn't short circuit, |
| MEDIUM | cli/src/semgrep/semgrep_interfaces/generate.py | 80 | # Constructors are sorted by increasing maturity to facilitate meaningful |
| LOW | cli/src/semgrep/commands/ci.py | 949 | # settings have been passed. So we can just use the "normal" |
| MEDIUM | cli/src/semgrep/commands/scan.py | 872 | # I wish there was an easy way to leverage the engine_params from the |
| MEDIUM | perf/configs/ci_small_repos.yaml | 85 | # For more comprehensive rule timing information |
Cross-Language Confusion 5 hits · 24 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | cli/tests/default/e2e-other/parsers/test_swiftpm.py | 342 | "branch": null, |
| HIGH | cli/tests/default/e2e-other/parsers/test_swiftpm.py | 351 | "branch": null, |
| HIGH | cli/tests/default/e2e-other/parsers/test_swiftpm.py | 360 | "branch": null, |
| HIGH | cli/src/semgrep/mcp/server.py | 1201 | - Run: `semgrep install-semgrep-pro \|\| true` |
| HIGH | cli/src/semgrep/mcp/hooks/post_tool.py | 43 | # "decision": "block"\|undefined, |
Cross-Language Confusion (JS/TS) 4 hits · 20 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | tests/patterns/js/dots_stmts.js | 5 | print("do stuff"); |
| HIGH | tests/patterns/js/deep_exprstmt.js | 10 | print(bar()); |
| HIGH | tests/patterns/ts/deep_exprstmt.ts | 10 | print(bar()); |
| HIGH | tests/patterns/ts/dots_stmts.ts | 5 | print("do stuff"); |
Redundant / Tautological Comments 13 hits · 19 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | cli/tests/default/mcp/test_create_temp_files.py | 40 | # Check if temp directory was created |
| LOW | cli/tests/default/mcp/test_create_temp_files.py | 44 | # Check if files were created with correct content |
| LOW | cli/tests/default/mcp/test_create_temp_files.py | 71 | # Check if temp directory was created |
| LOW | cli/tests/default/mcp/test_create_temp_files.py | 101 | # Check if temp directory was created |
| LOW | cli/tests/default/e2e-other/test_ci.py | 2792 | # Check if we should mimic an existing settings file via simulation |
| LOW | cli/src/semdep/golang_version.py | 155 | ): # Check if anything exists after the core version spec |
| LOW | cli/src/semdep/golang_version.py | 251 | # Check if the identifier is a number |
| LOW | cli/src/semdep/matchers/pip_requirements.py | 127 | # Check if the lockfile is in a 'requirements' directory |
| LOW | cli/src/semgrep/scan_report.py | 513 | # Check if any secret rule has the generic secrets AI ruleset |
| LOW | cli/src/semgrep/main.py | 95 | # Check if any of the exclusionary commands are provided |
| LOW | cli/src/semgrep/mcp/server.py | 212 | # Check if normalized path is still absolute |
| LOW | .github/workflows/sync-with-PRO.yml | 64 | # Check if any commits are already synced from Pro |
| LOW | src/main/flags.sh | 46 | # Check if SEMGREP_NIX_BUILD is not set |
Slop Phrases 5 hits · 10 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | tests/parsing/cpp/operator_templated3.cpp | 7 | :: don't forget to update hdf5_daa_layer.cu accordingly |
| LOW | cli/tests/conftest.py | 501 | # so make sure to explicitly delete any ambient CI variables. |
| LOW | cli/tests/default/e2e/test_permissions.py | 90 | # We make sure to not run as root since it can read files lacking |
| MEDIUM | …default/e2e/targets/dependency_aware/dart/pubspec.yaml | 70 | # included with your application, so that you can use the icons in |
| MEDIUM | cli/src/semgrep/console_scripts/entrypoint.py | 39 | # alt: you can also add '-W ignore::DeprecationWarning' after the python3 above, |
Docstring Block Structure 2 hits · 10 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | cli/src/semdep/parsers/pnpm.py | 414 | Parses the dependencies of a package in a `pnpm-lock.yaml` file (version >=9.0). In pnpm-lock.yaml files versi |
| HIGH | cli/src/semgrep/mcp/server.py | 240 | Creates temporary files from code content Args: code_files: List of CodeFile objects Returns: |
Dead Code 4 hits · 8 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | tests/naming/python/scope.py | 13 | |
| MEDIUM | tests/naming/python/scope.py | 14 | |
| MEDIUM | tests/rules/taint_exception.py | 8 | |
| MEDIUM | tests/rules/taint_exception.py | 53 | |
Synthetic Comment Markers 1 hit · 2 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | cli/tests/default/unit/test_paths_to_transitivity.py | 106 | This entire paragraph was pretty much generated by Copilot wow |
Verbosity Indicators 1 hit · 2 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | cli/src/semgrep/target_manager.py | 250 | # this print statement we need to check if any target is in a |
Example Usage Blocks 1 hit · 2 pts

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | scripts/generate_cheatsheet.py | 5 | # Usage: |
Overly Generic Function Names 1 hit · 1 pt

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | tests/rules/taint_clean_in_try_no_finally.py | 1 | def test_function(): |