### Install from URL with Hash

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_with_uppercase_package_name/requirements.txt

Demonstrates pinned requirements that each specify multiple SHA256 hashes with `--hash` for integrity verification, written both with line continuations and on a single line.

```python
first-with-hash==3.2.3 \
    --hash=sha256:7e06d934a7718bf3975acbf87780ba678957b87c7adc056f13b6215d610695a0 \
    --hash=sha256:ea448f92fc35a0ef4b1508f53a04c4670255a3f33d22a81c8fc9c872036adbe5
    # via second-with-hash
second-with-hash==3.0.3 \
    --hash=sha256:2f1ba1db8648484dd5c238fb62504777b7ad090c81c5f1fd8d5eb5ec21b5f283 \
    --hash=sha256:c91c91a7ad6ef67a874a4f76f58ba534f9208412692a840e1d125eb5c279cb0a
    # via -r requirements.in
third-with-hash==2019.3 --hash=sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d --hash=sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be
```

--------------------------------

### Install from Git URL with Fragment

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_with_uppercase_package_name/requirements.txt

Demonstrates direct-reference requirements (`name @ URL`) that point at a GitHub tag archive, one of them with a trailing `#` fragment. The fragment shown is free text and is part of the URL, not a comment.

```python
at-url @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip
at-url-with-hash @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip#look-this-is-not-a-comment
```

--------------------------------

### Install from Local Path and URL

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_with_uppercase_package_name/requirements.txt

Shows how to specify dependencies by pointing to local distribution files (like wheels) or directly from URLs.
```python
./downloads/numpy-1.9.2-cp34-none-win32.whl
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
```

--------------------------------

### Install Python Package from URL

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder/requirements.txt

This example shows how to install a Python package directly from a URL, which can be a direct link to a distribution file.

```Shell
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
```

--------------------------------

### Install Python Package from URL

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles/requirements.txt

This example shows how to install a Python package directly from a URL, which can be a direct link to a distribution file.

```Shell
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
```

--------------------------------

### Install Python Package with Extras

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles/requirements.txt

This example demonstrates installing a Python package with optional extras, specified in square brackets. This allows for conditional installation of features.

```Python
eqeq-star [security] == 2.8.*, <= 2.8.1 ; python_version < "2.7"
```

--------------------------------

### Install Python Package from URL

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles_similar_deps/requirements/stage.txt

This example shows how to install a Python package directly from a URL, which can be a direct link to a distribution file.
```Shell
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
```

--------------------------------

### Install Python Package from URL

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder_no_src/a/b/requirements/stage.txt

This example shows how to install a Python package directly from a URL, which can be a direct link to a distribution file.

```Shell
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
```

--------------------------------

### Install Python Package from URL

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_folder_no_src/requirements/stage.txt

This example shows how to install a Python package directly from a URL, which can be a direct link to a distribution file.

```Shell
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
```

--------------------------------

### Install Semgrep CLI

Source: https://github.com/replit/semgrep/blob/develop/README.md

Provides commands to install the Semgrep CLI on macOS using Homebrew, on Linux/WSL/macOS using pip, and via Docker. It also includes an example of running Semgrep using Docker.
```bash
# For macOS
$ brew install semgrep
```

```python
# For Ubuntu/WSL/Linux/macOS
$ python3 -m pip install semgrep
```

```docker
# To try Semgrep without installation run via Docker
$ docker run -it -v "${PWD}:/src" semgrep/semgrep semgrep login
$ docker run -e SEMGREP_APP_TOKEN= --rm -v "${PWD}:/src" semgrep/semgrep semgrep ci
```

--------------------------------

### Specify Package with Version and Extras

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_with_uppercase_package_name/requirements.txt

Shows how to specify a package with version constraints, including optional extras and environment markers for conditional installation.

```python
space-eqeq == 0.6.1
eqeq-star [security] == 2.8.*
extras-only [security] == 2.8.4 ; python_version < "2.7"
condition-only ==2.8.5 ; python_version < "2.7"
extras-and-two-conditions[security] == 2.8.3 ; python_version < "2.7" or sys_platform == 'darwin'
```

--------------------------------

### Install Semgrep with Homebrew, Pip, or Docker

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/aliengrep/markdown.md

This snippet shows how to install Semgrep on macOS using Homebrew, on Linux/Ubuntu/WSL using pip, and how to run it without installation using Docker. It covers the primary installation methods for different environments.
```sh
# For macOS
$ brew install semgrep
```

```python
# On Ubuntu/WSL/linux, we recommend installing via `pip`
$ python3 -m pip install semgrep
```

```docker
# To try Semgrep without installation run via Docker
$ docker run --rm -v "${PWD}:/src" returntocorp/semgrep --help
```

--------------------------------

### Install Semgrep with Homebrew, Pip, or Docker

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/spacegrep/markdown.md

This snippet shows how to install Semgrep on macOS using Homebrew, on Linux/Ubuntu/WSL using pip, and how to run it without installation using Docker. It covers the primary installation methods for different environments.

```sh
# For macOS
$ brew install semgrep
```

```python
# On Ubuntu/WSL/linux, we recommend installing via `pip`
$ python3 -m pip install semgrep
```

```docker
# To try Semgrep without installation run via Docker
$ docker run --rm -v "${PWD}:/src" returntocorp/semgrep --help
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles/requirements/stage.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.

```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Install Python Package with URL and Hash

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles/requirements.txt

This example specifies a Python package by direct URL with a trailing `#` fragment. The fragment shown (`#look-this-is-not-a-comment`) is free text rather than a SHA256 digest, so this line by itself does not verify the integrity of the downloaded file.
```Python
at-url-with-hash @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip#look-this-is-not-a-comment
```

--------------------------------

### Install Python Package with URL and Hash

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles_similar_deps/requirements/stage.txt

This example specifies a Python package by direct URL with a trailing `#` fragment. The fragment shown (`#look-this-is-not-a-comment`) is free text rather than a SHA256 digest, so this line by itself does not verify the integrity of the downloaded file.

```Python
at-url-with-hash @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip#look-this-is-not-a-comment
```

--------------------------------

### Install Python Package with URL and Hash

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder_no_src/a/b/requirements/stage.txt

This example specifies a Python package by direct URL with a trailing `#` fragment. The fragment shown (`#look-this-is-not-a-comment`) is free text rather than a SHA256 digest, so this line by itself does not verify the integrity of the downloaded file.

```Python
at-url-with-hash @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip#look-this-is-not-a-comment
```

--------------------------------

### Install Python Package with URL and Hash

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder/requirements.txt

This example specifies a Python package by direct URL with a trailing `#` fragment. The fragment shown (`#look-this-is-not-a-comment`) is free text rather than a SHA256 digest, so this line by itself does not verify the integrity of the downloaded file.
```Python
at-url-with-hash @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip#look-this-is-not-a-comment
```

--------------------------------

### Install Python Package with URL and Hash

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_folder_no_src/requirements/stage.txt

This example specifies a Python package by direct URL with a trailing `#` fragment. The fragment shown (`#look-this-is-not-a-comment`) is free text rather than a SHA256 digest, so this line by itself does not verify the integrity of the downloaded file.

```Python
at-url-with-hash @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip#look-this-is-not-a-comment
```

--------------------------------

### Install Python Package with Extras

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder_no_src/a/b/requirements/stage.txt

This example demonstrates installing a Python package with optional extras, specified in square brackets. This allows for conditional installation of features.

```Python
eqeq-star [security] == 2.8.*, <= 2.8.1 ; python_version < "2.7"
```

--------------------------------

### Install Python Package with Extras

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder/requirements.txt

This example demonstrates installing a Python package with optional extras, specified in square brackets. This allows for conditional installation of features.

```Python
eqeq-star [security] == 2.8.*, <= 2.8.1 ; python_version < "2.7"
```

--------------------------------

### Install Python Package with Extras

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles_similar_deps/requirements/stage.txt

This example demonstrates installing a Python package with optional extras, specified in square brackets. This allows for conditional installation of features.
```Python
eqeq-star [security] == 2.8.*, <= 2.8.1 ; python_version < "2.7"
```

--------------------------------

### Benchmark Configuration Example (YAML)

Source: https://github.com/replit/semgrep/blob/develop/perf/README.md

An example configuration file for defining Semgrep benchmarks. It specifies the repository to benchmark, the commit hash, the Semgrep rule configuration files, and any additional command-line options to be used.

```yaml
runs:
  - name: zulip # zulip rules on zulip
    repos:
      - url: https://github.com/zulip/zulip
        commit_hash: 829f9272d2c4299a0c0a37a09802248d8136c0a8
    rule_configs:
      - rules/zulip/semgrep.yml
    opts: [--fast]
```

--------------------------------

### Semgrep CLI Scan Example

Source: https://github.com/replit/semgrep/blob/develop/README.md

This example demonstrates how to perform a code scan using the Semgrep command-line interface. It shows a basic command structure for scanning a project.

```Shell
semgrep scan --config "p/ci"
```

--------------------------------

### Install Python Package with Extras

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_folder_no_src/requirements/stage.txt

This example demonstrates installing a Python package with optional extras, specified in square brackets. This allows for conditional installation of features.

```Python
eqeq-star [security] == 2.8.*, <= 2.8.1 ; python_version < "2.7"
```

--------------------------------

### Run Semgrep Core Tests

Source: https://github.com/replit/semgrep/blob/develop/tests/README.md

Demonstrates how to execute all semgrep-core tests from the project's root directory. It also shows how to run specific tests by filtering them based on a string pattern.
```bash
make core-test
```

```bash
./test -s 'php'
```

--------------------------------

### Run Semgrep Query Example

Source: https://github.com/replit/semgrep/blob/develop/README.md

Demonstrates how to run a Semgrep query interactively to find specific code patterns, using Python as an example to detect cases where a variable is compared to itself.

```bash
$ semgrep -e '$X == $X' --lang=py path/to/src
```

--------------------------------

### Check Semgrep Installation and Overview

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/aliengrep/markdown.md

This command verifies that Semgrep has been installed correctly and provides an overview of its functionalities. It's a standard way to check if the tool is ready for use.

```sh
$ semgrep --help
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_no_src/requirements.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.

```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Check Semgrep Installation and Overview

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/spacegrep/markdown.md

This command verifies that Semgrep has been installed correctly and provides an overview of its functionalities. It's a standard way to check if the tool is ready for use.

```sh
$ semgrep --help
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder_no_src/requirements.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.
```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Manual Semgrep Build and Test

Source: https://github.com/replit/semgrep/blob/develop/INSTALL.md

Commands for setting up, building, and testing the Semgrep project manually using make. This includes updating git submodules and running routine builds and tests.

```bash
$ git submodule update --init --recursive
$ make setup # meant to be run infrequently, may not be sufficient
$ make # routine build
$ make test # test everything
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder_dep_dupes/a/b/requirements/stage.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.

```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Semgrep Pattern and Target File Structure (Go Example)

Source: https://github.com/replit/semgrep/blob/develop/tests/README.md

Illustrates the file organization for semgrep patterns and targets, specifically for the Go language. It shows a pattern file (`.sgrep`) and its corresponding target file (`.go`). It also highlights the use of a `POLYGLOT` directory for patterns shared across multiple languages.

```go
go
├── ...
└── shortassign.go
└── shortassign.sgrep
```

```go
go
├── ...
└── regexp_string.go
POLYGLOT
├── ...
└── regexp_string.sgrep
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested/requirements.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.
```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_nested_folder/a/b/requirements/stage.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.

```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles_dep_dupes_no_src/requirements/stage.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.

```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Spacegrep Installation

Source: https://github.com/replit/semgrep/blob/develop/src/spacegrep/README.md

Provides the make commands to build and install the spacegrep binary. 'make build' compiles the tool, and 'make install' places it in the system's PATH for easy access.

```makefile
make build # builds the spacegrep binary
make install # puts spacegrep on your $PATH
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles_no_src/requirements.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.

```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```

--------------------------------

### Semgrep CLI Commands Overview

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/snapshots/test_help/test_help_text/-h/help.txt

Lists and briefly describes the various commands available in the Semgrep CLI.
These commands cover functionalities like CI integration, Pro engine installation, authentication, LSP server, rule publishing, scanning, and rule validation.

```bash
semgrep ci
semgrep install-semgrep-pro
semgrep login
semgrep logout
semgrep lsp
semgrep publish
semgrep scan
semgrep show
semgrep test
semgrep validate
```

--------------------------------

### Local Python Package Installation

Source: https://github.com/replit/semgrep/blob/develop/cli/tests/default/e2e/targets/dependency_aware/requirements_multiple_lockfiles_no_src/requirements/stage.txt

This example shows how to specify a local Python package for installation, typically from a wheel file or a directory.

```Python
./downloads/numpy-1.9.2-cp34-none-win32.whl
```